fix: Rename Plugin_config methods to avoid conflict with CodeIgniter Model::set()

The PluginConfig class extends CodeIgniter\Model which has its own set() method
for query building. Renaming get()/set() to getValue()/setValue() avoids this conflict.

Also fixed:
- batchSave() to use setValue() instead of set()
- Updated all callers in PluginManager and BasePlugin to use renamed methods

.bowerrc

@@ -1,7 +0,0 @@
-{
-    "directory": "public/bower_components",
-    "scripts": {
-        "postinstall": "grunt default genlicense",
-        "postuninstall": "grunt default genlicense"
-    }
-}

.dockerignore

@@ -1,6 +1,6 @@
 node_modules
 tmp
-application/config/email.php
+app/Config/Email.php
 *.patch
 patches/
 .idea/
@@ -10,10 +10,14 @@ git-svn-diff.py
 .buildpath
 .project
 .settings/*
+.git
+dist/
+node_modules/
 *.swp
 *.rej
 *.orig
 *~
 *.~
 *.log
-application/sessions/*
+app/writable/session/*
+!app/writable/session/index.html

.editorconfig

@@ -0,0 +1,15 @@
+# editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+max_line_length = 120
+
+[*.md]
+trim_trailing_whitespace = false

.env.example

@@ -0,0 +1,63 @@
+#--------------------------------------------------------------------
+# ENVIRONMENT
+#--------------------------------------------------------------------
+
+CI_ENVIRONMENT = production
+
+#--------------------------------------------------------------------
+# DATABASE
+#--------------------------------------------------------------------
+
+database.default.hostname = 'localhost'
+database.default.database = 'ospos'
+database.default.username = 'admin'
+database.default.password = 'pointofsale'
+database.default.DBDriver = 'MySQLi'
+database.default.DBPrefix = 'ospos_'
+
+database.development.hostname = 'localhost'
+database.development.database = 'ospos'
+database.development.username = 'admin'
+database.development.password = 'pointofsale'
+database.development.DBDriver = 'MySQLi'
+database.development.DBPrefix = 'ospos_'
+
+database.tests.hostname = 'localhost'
+database.tests.database = 'ospos'
+database.tests.username = 'admin'
+database.tests.password = 'pointofsale'
+database.tests.DBDriver = 'MySQLi'
+database.tests.DBPrefix = 'ospos_'
+
+#--------------------------------------------------------------------
+# ENCRYPTION
+#--------------------------------------------------------------------
+
+encryption.key = ''
+
+#--------------------------------------------------------------------
+# LOGGER
+# - 0 = Disables logging, Error logging TURNED OFF
+# - 1 = Emergency Messages - System is unusable
+# - 2 = Alert Messages - Action Must Be Taken Immediately
+# - 3 = Critical Messages - Application component unavailable, unexpected exception.
+# - 4 = Runtime Errors - Don't need immediate action, but should be monitored.
+# - 5 = Warnings - Exceptional occurrences that are not errors.
+# - 6 = Notices - Normal but significant events.
+# - 7 = Info - Interesting events, like user logging in, etc.
+# - 8 = Debug - Detailed debug information.
+# - 9 = All Messages
+#--------------------------------------------------------------------
+
+logger.threshold = 0
+app.db_log_enabled = false
+
+#--------------------------------------------------------------------
+# HONEYPOT
+#--------------------------------------------------------------------
+
+honeypot.hidden = true
+honeypot.label = 'Fill This Field'
+honeypot.name = 'honeypot'
+honeypot.template = '<label>{label}</label><input type="text" name="{name}" value="">'
+honeypot.container = '<div style="display:none">{template}</div>'

.gitattributes

@@ -1,3 +1,3 @@
 dist/ merge=ours
-application/language/**/*.php merge=ours
-text=auto
+app/Language/**/*.php merge=ours
+text=auto eol=lf

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: jekkos
+custom: ["https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MUN6AEG7NY6H8"]

.github/ISSUE_TEMPLATE.md

@@ -10,7 +10,7 @@ Please make sure you tick (add an x between the square brackets with no spaces)
 - [] Read the [FAQ](https://github.com/opensourcepos/opensourcepos#faq) for any known install and/or upgrade gotchas (in specific PHP extensions installed)
 - [] Read the [wiki](https://github.com/opensourcepos/opensourcepos/wiki)
 - [] Executed any database upgrade scripts if an upgrade pre 3.0.0 (e.g. database/2.4_to_3.0.sql)
-- [] Aware the installation code is in [bintray](https://bintray.com/jekkos/opensourcepos/opensourcepos/view/files?sort=updated&order=asc#files) (see README), and [GitHub master](https://github.com/opensourcepos/opensourcepos/tree/master) is for [developers only](https://github.com/opensourcepos/opensourcepos/wiki/Development-setup) and therefore not complete nor stable
+- [] Aware the installation code that [GitHub master](https://github.com/opensourcepos/opensourcepos/tree/master) is for [developers only](https://github.com/opensourcepos/opensourcepos/wiki/Development-setup) and therefore not complete nor stable.
 
 ### Installation information
 

.github/ISSUE_TEMPLATE/bug report.yml

@@ -0,0 +1,121 @@
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+labels: ["bug", "triage"]
+projects: ["ospos/3", "ospos/4"]
+assignees:
+  - none
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Bug reports indicate that something is not working as intended. 
+        Please include as much detail as possible and submit a separate bug report for each problem.
+        Do not include personal identifying information such as email addresses or encryption keys.           
+  - type: textarea
+    id: bug-description
+    attributes:
+      label: Bug Description?
+      description: Describe the problem that you are seeing
+      placeholder: "Describe the problem that you are seeing"
+    validations:
+      required: true 
+  - type: textarea
+    id: steps-reproduce
+    attributes:
+      label: Steps to Reproduce?
+      description: List the steps to reproduce this issue
+      placeholder: "Steps to Reproduce"
+    validations:
+      required: true
+  - type: textarea
+    id: expected-behavior
+    attributes:
+      label: Expected Behavior?
+      description: Tell us what did you expect to happen?
+      placeholder: "Expected Behavior"
+    validations:
+      required: true    
+  - type: dropdown
+    id: ospos-version
+    attributes:
+      label: OpensourcePOS Version
+      description: What version of our software are you running?
+      options:
+        - development (unreleased)
+        - opensourcepos 3.4.1
+        - opensourcepos 3.4.0
+        - opensourcepos 3.3.9
+        - opensourcepos 3.3.8
+        - opensourcepos 3.3.7
+      default: 0
+    validations:
+      required: true
+  - type: dropdown
+    id: php-version
+    attributes:
+      label: Php version
+      description: What version of Php?
+      options:
+        - Php 7.2
+        - Php 7.3
+        - Php 7.4
+        - Php 8.1 
+        - Php 8.2
+        - Php 8.3
+        - Php 8.4
+      default: 0
+    validations:
+      required: true 
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: What browsers are you seeing the problem on?
+      multiple: true
+      options:
+        - Firefox
+        - Chrome
+        - Safari
+        - Microsoft Edge
+        - Other
+  - type: input
+    id: server
+    attributes:
+      label: Server Operating System and version
+      description: "Server Operating System "
+      placeholder: "Server Operating System "
+    validations:
+      required: true  
+  - type: input
+    id: database
+    attributes:
+      label: Database Management System and version
+      description: "Database Management System"
+      placeholder: "Database Management"
+    validations:
+      required: true   
+  - type: input
+    id: webserver
+    attributes:
+      label: Web Server and version
+      description: "Web Server and version "
+      placeholder: "Web Server and version "
+    validations:
+      required: true    
+  - type: textarea
+    id: servers
+    attributes:
+      label: System Information Report (optional)
+      description: Copy and paste from OSPOS > Configuration > Setup & Conf > Setup & Conf?
+      placeholder: System Information Report
+      value: "System Information Report"
+    validations:
+      required: true  
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Unmodified copy of OpensourcePOS
+      description: By submitting this issue you agree this copy has not been modified
+      options:
+        - label: I agree this copy has not been modified
+          required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,63 @@
+name: ✨ Feature Request
+description: Suggest an idea for this project
+title: "[Feature]: "
+labels: ["enhancement"]
+assignees: ["none"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this feature request! 🤗
+        Please make sure this feature request hasn't been already submitted by someone by looking through other open/closed issues. 😃
+
+  - type: dropdown
+    attributes:
+      multiple: false
+      label: Type of Feature
+      description: Select the type of feature request.
+      options:
+        - "✨ New Feature"
+        - "📝 Documentation"
+        - "🎨 Style and UI"
+        - "🔨 Code Refactor"
+        - "⚡ Performance Improvements"
+        - "✅ New Test"
+    validations:
+      required: true
+      
+  - type: dropdown
+    id: ospos-version
+    attributes:
+      label: OpensourcePOS Version
+      description: What version of our software are you running?
+      options:
+        - opensourcepos 3.3.9
+        - opensourcepos 3.3.8
+        - opensourcepos 3.3.7
+      default: 0
+    validations:
+      required: true  
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Give us a brief description of the feature or enhancement you would like
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-information
+    attributes:
+      label: Additional Information
+      description: Give us some additional information on the feature request like proposed solutions, links, screenshots, etc.
+      
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Verify you searched open requests in OpensourcePOS
+      description: By submitting this request you agree that you have searched Open Requests in the Tracker
+      options:
+        - label: I agree I have searched Open Requests
+          required: true 
+ 

.github/stale.yml

@@ -0,0 +1,18 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 30
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - enhancement
+  - needsowner
+  - bug
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '21 12 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/delete-unstable-release.yml

@@ -0,0 +1,22 @@
+name: "Delete Unstable Release"
+
+on:
+  push:
+    branches:
+    - master
+
+jobs:
+  delete_unstable_release:
+    runs-on: ubuntu-latest
+    steps: 
+      - name: "Delete last unstable release"
+        uses: sgpublic/delete-release-action@v1.2
+        env: 
+          GITHUB_TOKEN: ${{ secrets.TOKEN }}
+        with:
+          release-drop: false
+          release-drop-tag: false
+          pre-release-drop: true
+          pre-release-keep-count: -1
+          pre-release-drop-tag: true
+

.github/workflows/main.yml

@@ -0,0 +1,63 @@
+name: Coding Standards
+
+on:
+  push:
+    paths:
+      - '**.php'
+      - 'spark'
+      - '.github/workflows/test-coding-standards.yml'
+  pull_request:
+    paths:
+      - '**.php'
+      - 'spark'
+      - '.github/workflows/test-coding-standards.yml'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    name: PHP ${{ matrix.php-version }} Lint with PHP CS Fixer
+    runs-on: ubuntu-22.04
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version:
+          - '8.1'
+          - '8.2'
+          - '8.3'
+          - '8.4'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-version }}
+          extensions: tokenizer
+          coverage: none
+
+      - name: Get composer cache directory
+        run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
+          key: ${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.php-version }}-
+            ${{ runner.os }}-
+
+      - name: Install dependencies
+        run: composer update --ansi --no-interaction
+
+      - name: Run lint on `app/`, `public/`
+        run: vendor/bin/php-cs-fixer fix --verbose --ansi --dry-run --config=.php-cs-fixer.no-header.php --using-cache=no --diff

.github/workflows/opencode.yml

@@ -0,0 +1,33 @@
+name: opencode
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+
+jobs:
+  opencode:
+    if: |
+      contains(github.event.comment.body, ' /oc') ||
+      startsWith(github.event.comment.body, '/oc') ||
+      contains(github.event.comment.body, ' /opencode') ||
+      startsWith(github.event.comment.body, '/opencode')
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: read
+      issues: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Run opencode
+        uses: anomalyco/opencode/github@latest
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+        with:
+          model: anthropic/claude-3-haiku-20240307

.github/workflows/php-linter.yml

@@ -0,0 +1,34 @@
+name: PHP Linting
+
+on: push
+
+jobs:
+  phplint:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: PHP Lint 8.0
+        uses: dbfx/github-phplint/8.0@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""   
+      - name: PHP Lint 8.1
+        uses: dbfx/github-phplint/8.1@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""
+      - name: PHP Lint 8.2
+        uses: dbfx/github-phplint/8.2@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""
+      - name: PHP Lint 8.3
+        uses: dbfx/github-phplint/8.3@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""
+      - name: PHP Lint 8.4
+        uses: dbfx/github-phplint/8.4@master
+        with:
+          folder-to-exclude: "! -path \"./vendor/*\" ! -path \"./folder/excluded/*\""

.github/workflows/phpunit.yml

@@ -0,0 +1,126 @@
+name: PHPUnit Tests
+
+on:
+  push:
+    paths:
+      - '**.php'
+      - 'spark'
+      - 'tests/**'
+      - '.github/workflows/phpunit.yml'
+      - 'gulpfile.js'
+      - 'app/Database/**'
+  pull_request:
+    paths:
+      - '**.php'
+      - 'spark'
+      - 'tests/**'
+      - '.github/workflows/phpunit.yml'
+      - 'gulpfile.js'
+      - 'app/Database/**'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: PHP ${{ matrix.php-version }} Tests
+    runs-on: ubuntu-22.04
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version:
+          - '8.1'
+          - '8.2'
+          - '8.3'
+          - '8.4'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-version }}
+          extensions: intl, mbstring, mysqli
+          coverage: none
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Get npm cache directory
+        run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
+
+      - name: Cache npm dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.NPM_CACHE_DIR }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install npm dependencies
+        run: npm install
+
+      - name: Build database.sql
+        run: npm run gulp build-database
+
+      - name: Start MariaDB
+        run: |
+          docker run -d --name mysql \
+            -e MYSQL_ROOT_PASSWORD=root \
+            -e MYSQL_DATABASE=ospos \
+            -e MYSQL_USER=admin \
+            -e MYSQL_PASSWORD=pointofsale \
+            -v $PWD/app/Database/database.sql:/docker-entrypoint-initdb.d/database.sql \
+            -p 3306:3306 \
+            mariadb:10.5
+          # Wait for MariaDB to be ready
+          until docker exec mysql mysqladmin ping -h 127.0.0.1 -u root -proot --silent; do
+            echo "Waiting for MariaDB..."
+            sleep 2
+          done
+          echo "MariaDB is ready!"
+
+      - name: Get composer cache directory
+        run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
+          key: ${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.php-version }}-
+            ${{ runner.os }}-
+
+      - name: Install dependencies
+        run: composer update --ansi --no-interaction
+
+      - name: Create .env file
+        run: cp .env.example .env
+
+      - name: Run PHPUnit tests
+        env:
+          CI_ENVIRONMENT: testing
+          MYSQL_HOST_NAME: 127.0.0.1
+        run: composer test -- --log-junit test-results/junit.xml
+
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-results-php-${{ matrix.php-version }}
+          path: test-results/
+          retention-days: 30
+
+      - name: Stop MariaDB
+        if: always()
+        run: docker stop mysql && docker rm mysql

.gitignore

@@ -1,38 +1,89 @@
+# Dependency directories
 node_modules
-tmp
-database/database.sql
-database/migrate_phppos_dist.sql
-application/config/email.php
-application/sessions/*
-application/logs/*
-application/uploads/*
-public/license/.licenses
-public/license/bower.LICENSES
-public/dist
-generate_langauges.php
-dist/
-docs/
-public/bower_components
+vendor
+public/resources
+public/images/menubar/*
+!public/images/menubar/.gitkeep
+public/license/*
+!public/license/.gitkeep
+app/Config/email.php
+npm-debug.log*
+.vscode
+
+# Docker
+!docker/.env
+docker/data/database/db/*
+docker/data/certbot/conf/*
+docker/data/ospos/app/*
+
+# Editors
+## SublimeText
+*.tmlanguage.cache
+*.tmPreferences.cache
+*.stTheme.cache
+*.sublime-workspace
+
+## VisualStudioCode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+## Vim
+*.sw[a-p]
+
+## WebStorm/IntelliJ
+/.idea
+modules.xml
+*.ipr
+*.iml
+
+# System files
+*.DS_Store
+Thumbs.db
+ehthumbs.db
+ehthumbs_vista.db
+Desktop.ini
+$RECYCLE.BIN/
+._*
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Other
+generate_languages.php
+dist
+docs
+/patches
+translations
+/.buildpath
+/.project
+/.settings/*
 *.patch
-patches/
-translations/
-.idea/
 git-svn-diff.py
 *.bash
 .swp
-.buildpath
-.project
-.settings/*
-vendor/
+system/
 *.swp
 *.rej
 *.orig
 *~
 *.~
-*.log
 .env
-package-lock.json
-!/docker/.env
-/docker/data/database/db/*
-/docker/data/certbot/conf/*
-/docker/data/ospos/app/*
+auth.json
+
+*.png
+*.jpg
+*.jpeg
+*.webp
+*copy*
+/writable/logs/*.log
+/writable/debugbar/*.json
+/app/Database/database.sql
+/writable/cache/settings
+/.env.bak

.htaccess

@@ -1,19 +1,28 @@
 # redirect to public page
-  <IfModule mod_rewrite.c>
+<IfModule mod_rewrite.c>
     RewriteEngine On
+
     RewriteCond %{REQUEST_URI} !^public$
     RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
     RewriteRule "^(.*)$" "/public/" [R=301,L]
-  </IfModule>
+
+    # If you installed CodeIgniter in a subfolder, you will need to
+    # change the following line to match the subfolder you need. Uncomment
+    # the line below and comment the line above.
+    #RewriteRule "^(.*)$"  "/[SUBDIRECTORY]/public/" [R=301,L]
+</IfModule>
 
 # disable directory browsing
 # For security reasons, Option all cannot be overridden.
-Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes
+Options +SymLinksIfOwnerMatch -Indexes
 
 # prevent folder listing
 IndexIgnore *
 
-# Apache 2.4
+<IfModule mod_headers.c>
+  Header always set X-Frame-Options "SAMEORIGIN"
+</Ifmodule>
+
 <IfModule authz_core_module>
   # secure htaccess file
   <Files .htaccess>
@@ -31,38 +40,7 @@ IndexIgnore *
   </Files>
 
   # prevent access to csv, txt and md files
-  <FilesMatch "\.(csv|txt|md|yml|json|lock)$">
+  <FilesMatch "\.(csv|txt|md|yml|json|lock|env)$">
     Require all denied
   </FilesMatch>
 </IfModule>
-
-# Apache 2.2
-<IfModule !authz_core_module>
-  # secure htaccess file
-  <Files .htaccess>
-    Order allow,deny
-    Deny from all
-    Satisfy all
-  </Files>
-
-  # prevent access to PHP error log
-  <Files error_log>
-    Order allow,deny
-    Deny from all
-    Satisfy all
-  </Files>
-
-  # prevent access to LICENSE
-  <Files LICENSE>
-    Order allow,deny
-    Deny from all
-    Satisfy all
-  </Files>
-
-  # prevent access to csv, txt and md files
-  <FilesMatch "\.(csv|txt|md|yml|json|lock)$">
-    Order allow,deny
-    Deny from all
-    Satisfy all
-  </FilesMatch>
-</IfModule>

.php-cs-fixer.no-header.php

@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * This file is part of CodeIgniter 4 framework.
+ *
+ * (c) CodeIgniter Foundation <admin@codeigniter.com>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+use CodeIgniter\CodingStandard\CodeIgniter4;
+use Nexus\CsConfig\Factory;
+use Nexus\CsConfig\Fixer\Comment\NoCodeSeparatorCommentFixer;
+use Nexus\CsConfig\FixerGenerator;
+use PhpCsFixer\Finder;
+
+$finder = Finder::create()
+    ->files()
+    ->in([
+        __DIR__ . '/app',
+        __DIR__ . '/public',
+    ])
+    ->exclude(['Views/errors/html'])
+    ->append([
+        __DIR__ . '/admin/starter/builds',
+    ]);
+
+$overrides = [
+    // For updating to coding-standard
+    'modernize_strpos'    => true,
+];
+
+$options = [
+    'cacheFile'    => 'build/.php-cs-fixer.no-header.cache',
+    'finder'       => $finder,
+    'customFixers' => FixerGenerator::create('vendor/nexusphp/cs-config/src/Fixer', 'Nexus\\CsConfig\\Fixer'),
+    'customRules'  => [
+        NoCodeSeparatorCommentFixer::name() => true,
+    ],
+];
+
+return Factory::create(new CodeIgniter4(), $overrides, $options)->forProjects();

.travis.yml

@@ -1,35 +1,54 @@
 sudo: required
-dist: trusty
-group: deprecated-2017Q4
+
 branches:
   except:
+    - unstable
     - weblate
 services:
   - docker
-before_install:
-  - curl -L https://github.com/docker/compose/releases/download/1.7.1/docker-compose-`uname
-    -s`-`uname -m` > docker-compose
-  - chmod +x docker-compose
-  - sudo mv docker-compose /usr/local/bin
-  - date=`date +%Y%m%d%H%M%S` && branch=${TRAVIS_BRANCH} && rev=`git rev-parse --short=6
-    HEAD` && sed -i "s/\$1/\$1.$date.$branch.$rev/g" deployment.json
+
+dist: jammy
+language: node_js
+node_js:
+  - 20
 script:
-  - docker run --rm -v $(pwd):/app composer/composer install
-  - docker run --rm -v $(pwd):/app -w /app lucor/php7-cli php bin/install.php translations
-    develop
-  - sed -i "s/'\(dev\)'/'$rev'/g" application/config/config.php
-  - docker run --rm -it -v $(pwd):/app -w /app digitallyseamless/nodejs-bower-grunt
-    sh -c "npm install && bower install && grunt package"
-  - /bin/bash docker/install-local.sh
+  - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+  - docker run --rm -u $(id -u) -v $(pwd):/app opensourcepos/composer:ci4 composer install
+  - version=$(grep application_version app/Config/App.php | sed "s/.*=\s'\(.*\)';/\1/g")
+  - cp .env.example .env && sed -i 's/production/development/g' .env
+  - sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$rev'/g" app/Config/OSPOS.php
+  - echo "$version-$branch-$rev"
+  - npm version "$version-$branch-$rev" --force || true
+  - sed -i 's/opensourcepos.tar.gz/opensourcepos.$version.tgz/g' package.json
+  - npm ci && npm install -g gulp && npm run build
+  - docker build . --target ospos -t ospos
+  - docker build . --target ospos_test -t ospos_test
+  - docker run --rm ospos_test /app/vendor/bin/phpunit --testdox
+  - docker build app/Database/ -t "jekkos/opensourcepos:sql-$TAG"
 env:
-  - TAG=$(echo ${TRAVIS_BRANCH} | sed s/feature\\///)
-after_success: '[ -n ${DOCKER_USERNAME} ] && docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
-  && docker tag "opensourcepos_ospos:latest" "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:$TAG"'
+  global:
+  - BRANCH=$(echo ${TRAVIS_BRANCH} | sed s/feature\\///)
+  - TAG=$(echo "${TRAVIS_TAG:-$BRANCH}" | tr '/' '-')
+  - date=`date +%Y%m%d%H%M%S` && branch=${TRAVIS_BRANCH} && rev=`git rev-parse --short=6 HEAD`
+after_success:
+  - docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" && docker tag "ospos:latest"
+    "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:sql-$TAG"
+  - gulp compress
+  - mv dist/opensourcepos.tar.gz "dist/opensourcepos.$version.$rev.tgz"
+  - mv dist/opensourcepos.zip "dist/opensourcepos.$version.$rev.zip"
 deploy:
-  file: deployment.json
-  provider: bintray
-  skip_cleanup: true
-  key: ${BINTRAY_API_KEY}
-  user: jekkos
-  on:
-    all_branches: true
+  - provider: releases
+    edge: true
+    file: dist/opensourcepos.$version.$rev.zip
+    name: "Unstable OpensourcePos"
+    overwrite: true
+    release_notes: "This is a build of the latest master which might contain bugs. Use at your own risk. Check releases section for the latest official release"
+    prerelease: true
+    tag_name: unstable
+    user: jekkos
+
+    api_key:
+      secure: "KOukL8IFf/uL/BjMyCSKjf2vylydjcWqgEx0eMqFCg3nZ4ybMaOwPORRthIfyT72/FvGX/aoxxEn0uR/AEtb+hYQXHmNS+kZdX72JCe8LpGuZ7FJ5X+Eo9mhJcsmS+smd1sC95DySSc/GolKPo+0WtJYONY/xGCLxm+9Ay4HREg="
+
+    on:
+      branch: master

BUILD.md

@@ -0,0 +1,67 @@
+# Building OSPOS
+
+## For Developers and Hobbyists Only
+
+If you are a developer and need to add unique features to OSPOS, you can download the raw code from the github repository and make changes.  If it's a really cool change that might benefit others, we ask that you consider contributing it to the project.
+
+After you've made your changes, you will need to do a "BUILD" on it to add all necessary components that OSPOS needs to be a fully functional application.
+
+This documents the "How to Build" process.
+
+The goal here is to set up and configure the build process so that the actual build is as simple as possible.
+
+The build process uses the build tools "npm" and "gulp" to piece everything together.
+
+## Prerequisites
+
+- Install the latest version of NPM (tested using version 9.4.2)
+- Install the latest version of Composer (tested using composer 2.5.1)
+
+## The Workflow
+
+1. Download the code from the master branch found at https://github.com/opensourcepos/opensourcepos/tree/master.
+2. Unzip it and copy the contents into the working folder.
+3. Start a terminal session from the root of your working folder. For example, I normally open up the working folder in PHPStorm and run the commands from the Terminal provided by the IDE.
+4. Enter the following three commands in sequence:
+    - `composer install`
+    - `npm install`
+    - `npm run build`
+
+That's all there is to it.
+
+Note: If you receive messages similar to 'codeigniter4/framework v4.3.1 requires ext-intl', this is an indicator that you do not have intl enabled in php.ini
+
+After the build tasks are complete, if you have the database set up and a preconfigured copy of .env, just drop the .env file into the root of the working folder. You should be ready to go.
+
+If you do not have an existing (and upgraded) database, then you will need to continue from this point forward with the standard installation instructions, but at this point you have a runnable version of OSPOS.
+
+### Windows Platform
+
+Using an `.env` file is a convenient approach to store OSPOS configuration.
+
+I've added the following Powershell scripts to make my life a bit easier, which I share with you.
+
+* `build.ps1` - Which runs the build but also restores the .env from a backup I make of it in a specifically placed folder. I place a copy of the configured .env file in a folder that has the following path from the working folder: `../env/<working-folder-name>/.env`
+
+### Containerized setup
+Development using docker has the advantage that all the application's dependencies are contained within the docker environment. During development we want to have a live version of the code in the container when we edit it. This is accomplished by mounting the application folder within the /app of the docker container. 
+
+The file permissions for the repository in the container should be the same as on the host. That's why we have to startthe PHP process in docker with the host current uid. 
+
+```
+export USERID=$(id -u)
+export GROUPID=$(id -g)
+docker-compose -f docker-compose.dev.yml up
+```
+
+## The Result
+
+The build creates a developer version of a runnable instance of OSPOS.  It contains a ton of developer stuff that **should not be deployed to a production environment**.
+
+Again, the results of this build is NOT something that should be used for production.
+
+However, the zip and tar files, found in the root `dist` folder, are created as part of the build process and can be used for deploying a ***trial production*** instance of OSPOS.
+
+Only official releases should be used for real production.  There is significant risk of failure should you chose to deploy a development branch or even a master branch that the development team hasn't signed off on.
+
+Good luck with your build. Please report any issues you encounter.

CHANGELOG.md

@@ -0,0 +1,401 @@
+[unreleased]: https://github.com/opensourcepos/opensourcepos/compare/3.4.0...HEAD
+[3.4.2]: https://github.com/opensourcepos/opensourcepos/compare/3.4.1...3.4.2
+[3.4.1]: https://github.com/opensourcepos/opensourcepos/compare/3.4.0...3.4.1
+[3.4.0]: https://github.com/opensourcepos/opensourcepos/compare/3.3.9...3.4.0
+[3.3.9]: https://github.com/opensourcepos/opensourcepos/compare/3.3.8...3.3.9
+[3.3.8]: https://github.com/opensourcepos/opensourcepos/compare/3.3.7...3.3.8
+[3.3.7]: https://github.com/opensourcepos/opensourcepos/compare/3.3.6...3.3.7
+[3.3.6]: https://github.com/opensourcepos/opensourcepos/compare/3.3.5...3.3.6
+[3.3.5]: https://github.com/opensourcepos/opensourcepos/compare/3.3.4...3.3.5
+[3.3.4]: https://github.com/opensourcepos/opensourcepos/compare/3.3.3...3.3.4
+[3.3.3]: https://github.com/opensourcepos/opensourcepos/compare/3.3.2...3.3.3
+[3.3.2]: https://github.com/opensourcepos/opensourcepos/compare/3.3.1...3.3.2
+[3.3.1]: https://github.com/opensourcepos/opensourcepos/compare/3.3.0...3.3.1
+[3.3.0]: https://github.com/opensourcepos/opensourcepos/compare/3.2.3...3.3.0
+[3.2.3]: https://github.com/opensourcepos/opensourcepos/compare/3.2.2...3.2.3
+[3.2.2]: https://github.com/opensourcepos/opensourcepos/compare/3.2.1...3.2.2
+[3.2.1]: https://github.com/opensourcepos/opensourcepos/compare/3.2.0...3.2.1
+[3.2.0]: https://github.com/opensourcepos/opensourcepos/compare/3.1.1...3.2.0
+[3.1.1]: https://github.com/opensourcepos/opensourcepos/compare/3.1.0...3.1.1
+[3.1.0]: https://github.com/opensourcepos/opensourcepos/compare/3.0.2...3.1.0
+[3.0.2]: https://github.com/opensourcepos/opensourcepos/compare/3.0.1...3.0.2
+[3.0.1]: https://github.com/opensourcepos/opensourcepos/compare/3.0.0...3.0.1
+[3.0.0]: https://github.com/opensourcepos/opensourcepos/compare/2.4.0...3.0.0
+[2.4.0]: https://github.com/opensourcepos/opensourcepos/compare/2.3.4...2.4.0
+[2.3.4]: https://github.com/opensourcepos/opensourcepos/compare/2.3.3...2.3.4
+[2.3.3]: https://github.com/opensourcepos/opensourcepos/compare/2.3.2...2.3.3
+[2.3.2]: https://github.com/opensourcepos/opensourcepos/compare/2.3.1...2.3.2
+[2.3.1]: https://github.com/opensourcepos/opensourcepos/compare/2.3...2.3.1
+[2.3.0]: https://github.com/opensourcepos/opensourcepos/compare/2.2.2...2.3
+
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [Unreleased]
+
+## [3.4.0] - 2025-02-06
+
+- Translation updates (Spanish, Indonesian, Swedish, Urdu, Chinese, Thai, French, Dutch)
+- PHP 8.x support
+- Security fixes (XSS, SQLi)
+- Migration to Gulp as buildsystem
+- Decimal validation fix
+- Sticky header fix
+- Receipt sent as attachment
+- Barcode generation library upgrade
+- Bump framework to CodeIgniter `4.x.x`
+- Improve security performance against bots
+
+## [3.3.9] - 2023-11-06
+
+- Translation updates (Arabic, Central Khmer, Croatian, Czech, Danish, English, French, Indonesian, Lao, Russian, Spanish, Thai)
+- Fix logout race condition issue ([#3578](https://github.com/opensourcepos/opensourcepos/issues/3578))
+- Fix docker compose file ([#3754](https://github.com/opensourcepos/opensourcepos/issues/3754))
+- Minor report fixes
+
+## [3.3.8] - 2022-08-03
+
+- Translation updates (Azerbaijani, Flemish, French, Spanish, Thai, Vietnamese)
+- Fix logo removal issue (CSRF regression) ([#3533](https://github.com/opensourcepos/opensourcepos/issues/3533))
+- Substract refunds from total rewards as payment method ([#3536](https://github.com/opensourcepos/opensourcepos/issues/3536))
+
+## [3.3.7] - 2022-03-29
+
+- Translation updates (Chinese, French, Indonesian, Italian, Polish, Swedish, Thai)
+- XSS fixes in bootstrap datatables
+- Invoice numbering fixes
+- Docker compose database scripts are now mounted from a container volume
+
+## [3.3.6] - 2021-10-31
+
+- Translation updates (Bosnian, Dutch, Indonesian, Polish, Russian, Spanish)
+- Make footer revision clickable (ref to github)
+- Minor reporting adjustments
+- Introduced new global keyboard shortcuts (see overview below)
+
+### Fixes
+
+- reCaptcha issue fix
+- Username verification bugfix
+- Clickjacking security mitigations
+- Fixes for the payment summary after refresh
+- Hardening against XSS by introducing a CSP header in the HTTP headers
+- Several CSRF and XSS fixes
+- Type juggling password fix for old logins
+
+
+## [3.3.5] - 2021-08-26 [YANKED]
+
+- Translation updates (Arabic, Azerbaijani, Bulgarian, Chinese, Dutch, French, Indonesian, Polish, Portuguese, Romanian, Spanish, Swedish, Tamil, Thai, Turkish, Ukrainian, Vietnamese)
+- New responsive login page based on Bootstrap `5`
+- Translation fallback to English when a string is untranslated for the selected language
+- Database and performance optimizations
+- Grunt/CI updates
+- CSV item import improvements
+
+### Fixes
+
+- Username verification fix on employee insert/update
+- Minor report fixes
+- Attribute encoding fix
+- Decimal render fix
+- Fixes for Docker to make it run on Windows
+- Blind SQL injection fix
+
+## [3.3.4] - 2021-04-20
+
+- Translation updates (Hungarian, Indonesian, Bosnian, Ukrainian, Vietnamese, Spanish)
+- Prevent data wipeout when calling GET directly on the save endpoint
+- Cleanup `.htaccess`
+- Docker compose usability improvements
+- Cookie secure flag fix for Chrome (you can enable CSRF protection again now)
+- Use LONGBLOB for session storage. This should fix issues preventing a user from adding a large number of items to register
+- Cash rounding bugfixes
+- Fix daily overview cash sale totals
+- Show sale count in the transaction report
+- Button disable to prevent double submission
+- Add barcode field to item kits
+- Fix discount register parsing in some specific locales
+
+## [3.3.3] - 2021-01-01
+
+- PHP `7.4` support
+- Set PHP `7.2` to be the minimum level due to older version deprecations
+- Added email CC and BCC (see `config/email.php`)
+- Cash rounding to nearest 5 cents
+- Updated composer packages and JS plugins
+- Improved security (CSRF protection)
+- Various small improvements and bug fixes
+
+## [3.3.2] - 2020-09-03
+
+- Fixed `only_full_group_by` issue with MySQL/MariaDB
+- Fixed POS transaction return failure if items were deleted
+- Various bug fixes
+
+## [3.3.1] - 2019-12-14
+
+- Various bug fixes (please disable `only_full_group_by` option from MySQL/MariaDB to avoid issues)
+
+## [3.3.0] - 2019-09-29
+
+- New logo
+- Upgrade CodeIgniter to version `3.1.11`
+- PHP `7.3` support
+- Attributes feature (allows extensibility of items replacing old custom fields)
+- India GST tax support + various tax support improvements
+- Cash up feature
+- Temporary items feature
+- Fixed sales discount
+- Supplier category feature
+- Improved items import and CSV file generation (to contain additional attributes)
+- Improved Docker installation with NGINX reverse proxy using Let's Encrypt TLS certificate
+- Database performance improvements
+- Added and udated translations
+- Fixed various reports issues
+- Fixed rounding issues
+- Fixed CSRF issues
+- Fixed database upgrade script issues
+- Various bug fixes
+
+## [3.2.3] - 2018-06-13
+
+- Upgrade CodeIgniter to version `3.1.9`
+- Further revert of CSRF change causing regression
+
+## [3.2.2] - 2018-06-06
+
+- Revert CSRF change causing regression
+
+## [3.2.1] - 2018-06-04
+
+- Support for GDPR
+- CSRF simplifications
+- Translation upgrades
+- Various bug fixes
+
+## [3.2.0] - 2018-04-14
+
+- Upgrade CodeIgniter to version `3.1.8`
+- PHP `7.2` support (use OpenSSL and not MCrypt)
+- Automatic database upgrades from `3.0.0` at first login (no more SQL scripts)
+- Home and (back)office menu switch (top menu can be organized in two views)
+- Expenses feature
+- Quote and work order features
+- Improved invoice support
+- Sale suspend, soft delete, complete as the state not as different tables or hard delete
+- Restore deleted sales
+- Improved item kits
+- Export tables all records and export to PDF
+- Table sticky header (headers visible during scrolling)
+- Allow duplicate barcodes (config option)
+- Search suggestion formatting (config option)
+- Define print and email checkboxes behavior (config option)
+- Edit customer from sales register
+- Added and updated translations
+- Various jQuery plugins upgrade
+- Fixed permission issues (e.g. password change)
+- Fixed various reports issues and renamed Sales to Transactions
+- Various bug fixes (e.g. tax, rounding, library circular dependency)
+
+## [3.1.1] - 2017-09-09
+
+- Updated en-US and en-GB translations, better grammar, and consistency
+- Fixed database migration issue with VAT tax included
+- Fixed database backup bug
+- Fixed gift card error
+- Fixed database `upgrade to 3.1.x` script (now it's to `3.1.1` and there is no `3.1.0` anymore)
+- Fixed old database upgrade scripts for people upgrading from `2.x` versions
+- Fixed `.htaccess` file in OSPOS root dir (it was not forwarding to `public` subdir)
+- Fixed few jQuery `2.0` upgrade issues
+
+## [3.1.0] - 2017-09-02
+
+- MySQL `5.7` and PHP `7.x` support
+- Advanced tax support with customer tax categories and more
+- Better horeca use case support with dinner table sale tagging
+- Customer rewards support
+- Added quote support and better invoice support
+- Added integration with Mailchimp to connect customer list with Mailchimp list
+- Prevent inserting two customers with the same email address
+- Customer total spending and stats
+- Added Google reCAPTCHA option for the login page to increase protection from brute force attacks
+- Added due payment for credit sale support
+- Gift card numbering with two options: series and random
+- Extended item kits functionality
+- Employees are allowed to change their own password by clicking their name in the top bar
+- Cash rounding support, extended decimals
+- Reworked item pictures, file names, and storing
+- Financial year start date and selection from date range pickers
+- Date time range filters can be date and time or date only
+- Added two new Bootswatch themes
+- Receipts font size support
+- Fix automatically people's name first capital letter, emails in lower case only
+- Fixes to Receiving
+- Various amendments to database script updates from older versions
+- Added dotenv support
+- Updates to language translations (split English to American English and British English)
+- Various Dockers support improvements
+- Minor bugfixes
+
+## [3.0.2] - 2016-12-31
+
+- Fixed error when performing scans multiple times in a row
+- Fixed summary reports
+- Protect employee privacy by printing just the first letter of the family name
+- Updates to language translations
+- Various Dockers support improvements
+- Minor bugfixes
+
+## [3.0.1] - 2016-11-27
+
+- Upgrade CodeIgniter to version `3.1.2`
+- Substantial database performance improvements
+- Improved security: email and SMS passwords encryption, removed `phpinfo.php`
+- Set code to be production and not development in `index.php`
+- Reports improvements, fixed table sorting, tax calculation and made profit to be net profit
+- Better Apache `2.4` support in `.htaccess`
+- Updates to language translations
+- Fixed excel template download links
+- Fixed employee name in sale receipt and invoice reprinting
+- Fixed `2.3.2_to_2.3.3.sql` database upgrade script mistake
+- Fixed `phppos to ospos` database migration script
+- Minor bug fixes and some general code clean up
+
+## [3.0.0] 2016-10-22
+
+- Upgrade CodeIgniter to version `3.1.0`
+- Major UI overhaul based on Bootstrap `3.0` and Bootswatch Themes
+- New tabular views with advanced filtering using Bootstrap Tables
+- New graphical reports with no more Adobe Flash dependency
+- Redesign of all modal dialogs
+- Updated Sales register with simplified payment flow
+- Improved security: MySQL injection, XSS, CSFR, BCrypt password encryption, safer project layout
+- Support for text messaging (interfacing to specific support required)
+- Email configuration
+- Improved Localisation support
+- Improved Store Config page
+- Docker container ready for cloud installation
+- Composer PHP support
+- More languages and integration with Weblate for continuous translation
+- About 280 closed issues under `3.0.0` release label, too many to produce a meaningful list
+- Various code cleanup, refactoring, optimization and etc.
+
+## [2.4.0] - 2016-10-03
+
+- Upgrade CodeIgniter to version `3.0.5`
+- Fix for spurious logouts
+- Apache `.htaccess` `mod_expiry` caching and security optimizations
+- Bulk item edit fixes (category, tax, and supplier fields)
+- Remove f-key shortcuts used for module navigation
+- Allow using custom invoice numbers when suspending a sale
+- PHP `7` fixes
+- Specific warnings to distinguish between reorder level and out of stock situation in sales
+- Fix malware detection issues due to usage of `base64` encoding for storing session variables
+- Improve language generation scripts (use PHP builtin functionality)
+- Add extra buttons for navigation and printing to receipt and invoice
+- Improve print layout for invoices
+- Make layout consistent for items between receipt and invoice templates
+- Minor bugfixes
+
+## [2.3.4] - 2016-02-08
+
+- Migration script fixes
+- Improved continuous integration setup
+- More integration tests
+- Virtualized container setup (`docker install`)
+- Live clock functionality and favicon
+- Improved PHP `7` compatibility
+- Added de_CH (German) as language
+- Minor code cleanup
+- Removal of annoying backup prompt on logout
+
+## [2.3.3] - 2016-01-06
+
+- Item kit fixes (search, list, ...)
+- Add date picker widgets in sale/receiving edit forms
+- Add date filter in items module
+- Add barcode generation logic for EAN8, EAN13
+- Add barcode validation and fallback logic for EAN8, EAN13
+- New config option to generate barcodes if `item_number` is empty
+- Add cost and count to inventory reports
+- Gift card fixes
+- Refactor sales overview (added date filtering + search options)
+- Better locale config support
+- Improve PHP compatibility
+- Fix invoice numbering bug on suspending a sale
+- Add configurable locale-dependent date format
+- Add grunt-cache-breaker plugin
+- Suspend button appears before adding a payment
+- Searching of deleted items, filtering part is removed
+- Remove infamous `0` after leaving sale or receiving comments empty
+- Add SQL script to clean zeroes in sales/receivings comments
+- Numerous other bug fixes
+
+## [2.3.2] - 2016-01-25
+
+- Nominatim (OpenStreetMap) customer address autocompletion
+- Sale invoice templating
+- Configurable barcode generation for items
+- Stock location filtering in detailed sales and receivings reports
+- Gift cards fixes
+- Proper pagination support for most modules
+- Language updates
+- Fix for decimal tax rates
+- Add gender and company name attributes to customer
+- Stock location config screen refactor
+- Basic Travis CI and PhantomJS setup
+- Database backup on admin logout
+- Modifiable item thumbnails
+- Email invoice PDF generation using DomPDF
+- Modifiable company logo
+- jQuery upgrade (`1.2` -> `1.8.3`)
+- JavaScript minification (using Grunt)
+- Numerous bugfixes
+
+## [2.3.1] - 2015-02-11
+
+- Extra report permissions (this includes a refactoring of the database model - new grants table)
+- Tax inclusive/exclusive pricing
+- Receivings amount multiplication (can be configured in items section)
+- Customizable sale and receiving numbering
+- Gift card improvements
+- Fix item import through CSV
+- Bug fixes for reports
+
+## [2.3.0] - 2014-08-20
+
+- Support for multiple stock locations
+
+## 2.2.2 - 2014-08-19
+
+- French language added
+- Thai language added
+- Upgrade CodeIgniter to version `2.2.0`
+- Database types for amounts all changed to decimal types (this will fix rounding errors in the sales and receivings reports)
+- Fix duplicated session cookies in HTTP headers (this broke the application when running on Nginx)
+
+## 2.1.1
+
+- Barcodes on the order receipt were not generated correctly
+- Sales edit screen for detailed sales reports is now available with ThickBox as in the rest of the application
+- Indonesian language files updated (Oktafianus)
+- Default language set to `en` in `config.php`
+- Fixed some CSS bugs in the suspended sales section
+- Default cookie `sess_time_expire` set to `86400` (24h)
+
+## 2.1.0
+
+- Various upgrades, too numerous to list here
+- Removed dependency on ofc upload library due to vulnerability found
+
+## 2.0.2
+
+- Fixed multiple gift cards issue per Bug #4 reported on Sourceforge where a second gift card added would have its balance set to `0` even if the sale did not require the total of the second gift card to pay the remaining amount due
+- Small code cleanup
+
+## 2.1.0
+
+- Upgrade CodeIgniter to version `2.1.0`
+- Various small improvements

CODE_OF_CONDUCT.md

@@ -0,0 +1,98 @@
+Contributor Covenant Code of Conduct
+Our Pledge
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+Our Standards
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others’ private information, such as a physical or email address,
+without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+professional setting
+
+Enforcement Responsibilities
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+Scope
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+Enforcement
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+Enforcement Guidelines
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+1. Correction
+Community Impact: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+Consequence: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+2. Warning
+Community Impact: A violation through a single incident or series of
+actions.
+Consequence: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+3. Temporary Ban
+Community Impact: A serious violation of community standards, including
+sustained inappropriate behavior.
+Consequence: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+4. Permanent Ban
+Community Impact: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+Consequence: A permanent ban from any sort of public interaction within the
+community.
+Attribution
+This Code of Conduct is adapted from the Contributor Covenant,
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+Community Impact Guidelines were inspired by
+Mozilla’s code of conduct enforcement ladder.
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.
+
+

Dockerfile

@@ -1,19 +1,38 @@
-FROM php:7.3-apache
-MAINTAINER jekkos
-
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    libicu-dev \
-    libgd-dev \
-    openssl
+FROM php:8.2-apache AS ospos
+LABEL maintainer="jekkos"
 
+RUN apt update && apt-get install -y libicu-dev libgd-dev
 RUN a2enmod rewrite
 RUN docker-php-ext-install mysqli bcmath intl gd
 RUN echo "date.timezone = \"\${PHP_TIMEZONE}\"" > /usr/local/etc/php/conf.d/timezone.ini
-RUN echo -e “$(hostname -i)\t$(hostname) $(hostname).localhost” >> /etc/hosts
 
 WORKDIR /app
 COPY . /app
 RUN ln -s /app/*[^public] /var/www && rm -rf /var/www/html && ln -nsf /app/public /var/www/html
-RUN chmod 755 /app/public/uploads && chown -R www-data:www-data /app/public /app/application
+RUN chmod -R 770 /app/writable/uploads /app/writable/logs /app/writable/cache && chown -R www-data:www-data /app
 
-RUN [ ! -f test/ospos.js ] || sed -i -e "s/\(localhost\)/web/g" test/ospos.js
+FROM ospos AS ospos_test
+
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+
+RUN apt-get install -y libzip-dev wget git
+RUN wget https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -O /bin/wait-for-it.sh && chmod +x /bin/wait-for-it.sh
+RUN docker-php-ext-install zip
+RUN composer install -d/app
+#RUN sed -i 's/backupGlobals="true"/backupGlobals="false"/g' /app/tests/phpunit.xml
+WORKDIR /app/tests
+
+CMD ["/app/vendor/phpunit/phpunit/phpunit", "/app/test/helpers"]
+
+FROM ospos AS ospos_dev
+
+ARG USERID
+ARG GROUPID
+
+RUN echo "Adding user uid $USERID with gid $GROUPID"
+RUN ( addgroup --gid $GROUPID ospos || true ) && ( adduser --uid $USERID --gid $GROUPID ospos )
+
+RUN yes | pecl install xdebug \
+    && echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
+    && echo "xdebug.mode=debug" >> /usr/local/etc/php/conf.d/xdebug.ini \
+    && echo "xdebug.remote_autostart=off" >> /usr/local/etc/php/conf.d/xdebug.ini

Dockerfile.dev

@@ -1,9 +0,0 @@
-FROM jekkos/opensourcepos:master
-MAINTAINER jekkos
-
-RUN mkdir -p /app/bower_components && ln -s /app/bower_components /var/www/html/bower_components
-RUN yes | pecl install xdebug \
-    && echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
-    && echo "xdebug.remote_enable=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
-    && echo "xdebug.remote_autostart=off" >> /usr/local/etc/php/conf.d/xdebug.ini
-

Dockerfile.test

@@ -1,11 +0,0 @@
-FROM digitallyseamless/nodejs-bower-grunt:5
-MAINTAINER jekkos
-
-# apt-get install curl
-
-COPY Gruntfile.js .
-COPY package.json .
-COPY test .
-RUN npm install
-
-CMD ['while ! curl web/index.php | grep username; do sleep 1; done; grunt mochaWebdriver:test']

Gruntfile.js

@@ -1,252 +0,0 @@
-module.exports = function(grunt) {
-
-    grunt.initConfig({
-		pkg: grunt.file.readJSON('package.json'),
-		wiredep: {
-			task: {
-				ignorePath: '../../../public/',
-				src: ['application/views/partial/header.php']
-			}
-		},
-		bower_concat: {
-			all: {
-				mainFiles: {
-					'bootstrap-table': [ "src/bootstrap-table.js", "src/bootstrap-table.css", "dist/extensions/export/bootstrap-table-export.js", "dist/extensions/mobile/bootstrap-table-mobile.js", "dist/extensions/sticky-header/bootstrap-table-sticky-header.js", "dist/extensions/sticky-header/bootstrap-table-sticky-header.css"]
-				},
-				dest: {
-					'js': 'tmp/opensourcepos_bower.js',
-					'css': 'tmp/opensourcepos_bower.css'
-				}
-			}
-		},
-		bowercopy: {
-			options: {
-				report: false
-			},
-			targetdistjqueryui: {
-				options: {
-					srcPrefix: 'public/bower_components/jquery-ui',
-					destPrefix: 'public/dist'
-				},
-				files: {
-					'jquery-ui': 'themes/base/jquery-ui.min.css'
-				}
-			},
-			targetdistbootswatch: {
-				options: {
-					srcPrefix: 'public/bower_components/bootswatch',
-					destPrefix: 'public/dist'
-				},
-				files: {
-					bootswatch: '*/'
-				}
-			},
-			targetlicense: {
-				options: {
-					srcPrefix: './'
-				},
-				files: {
-					'public/license': 'LICENSE'
-				}
-			}
-		},
-		cssmin: {
-			target: {
-				files: {
-					'public/dist/<%= pkg.name %>.min.css': ['tmp/opensourcepos_bower.css', 'public/css/*.css', '!public/css/login.css', '!public/css/invoice_email.css', '!public/css/barcode_font.css']
-				}
-			}
-		},
-		concat: {
-			js: {
-				options: {
-					separator: ';'
-				},
-				files: {
-					'tmp/<%= pkg.name %>.js': ['tmp/opensourcepos_bower.js', 'public/js/jquery*', 'public/js/*.js']
-				}
-			},
-			sql: {
-				options: {
-					banner: '-- >> This file is autogenerated from tables.sql and constraints.sql. Do not modify directly << --'
-				},
-				files: {
-					'database/database.sql': ['database/tables.sql', 'database/constraints.sql'],
-					'database/migrate_phppos_dist.sql': ['database/tables.sql', 'database/phppos_migrate.sql', 'database/constraints.sql']
-				}
-			}
-		},
-		uglify: {
-			options: {
-				banner: '/*! <%= pkg.name %> <%= grunt.template.today("dd-mm-yyyy") %> */\n'
-			},
-			dist: {
-				files: {
-					'public/dist/<%= pkg.name %>.min.js': ['tmp/<%= pkg.name %>.js']
-				}
-			}
-		},
-		jshint: {
-			files: ['Gruntfile.js', 'public/js/*.js'],
-			options: {
-				// options here to override JSHint defaults
-				globals: {
-					jQuery: true,
-					console: true,
-					module: true,
-					document: true
-				}
-			}
-		},
-		tags: {
-			css_header: {
-				options: {
-					scriptTemplate: '<rel type="text/css" src="{{ path }}"></rel>',
-					openTag: '<!-- start css template tags -->',
-					closeTag: '<!-- end css template tags -->',
-					ignorePath: '../../../public/'
-				},
-				src: ['public/css/*.css', '!public/css/login.css', '!public/css/invoice_email.css', '!public/css/barcode_font.css'],
-				dest: 'application/views/partial/header.php',
-			},
-			mincss_header: {
-				options: {
-					scriptTemplate: '<rel type="text/css" src="{{ path }}"></rel>',
-					openTag: '<!-- start mincss template tags -->',
-					closeTag: '<!-- end mincss template tags -->',
-					ignorePath: '../../../public/'
-				},
-				// jquery-ui must be first or at least before opensourcepos.min.css
-				src: ['public/dist/jquery-ui/*.css', 'public/dist/*.css'],
-				dest: 'application/views/partial/header.php',
-			},
-			css_login: {
-				options: {
-					scriptTemplate: '<rel type="text/css" src="{{ path }}"></rel>',
-					openTag: '<!-- start css template tags -->',
-					closeTag: '<!-- end css template tags -->',
-                    ignorePath: '../../public/'
-				},
-				src: ['public/css/login.css'],
-				dest: 'application/views/login.php'
-			},
-			js: {
-				options: {
-					scriptTemplate: '<script type="text/javascript" src="{{ path }}"></script>',
-					openTag: '<!-- start js template tags -->',
-					closeTag: '<!-- end js template tags -->',
-					ignorePath: '../../../public/'
-				},
-				src: ['public/js/jquery*', 'public/js/*.js'],
-				dest: 'application/views/partial/header.php'
-			},
-			minjs: {
-				options: {
-					scriptTemplate: '<script type="text/javascript" src="{{ path }}"></script>',
-					openTag: '<!-- start minjs template tags -->',
-					closeTag: '<!-- end minjs template tags -->',
-                    ignorePath: '../../../public/'
-				},
-				src: ['public/dist/*min.js'],
-				dest: 'application/views/partial/header.php'
-			}
-		},
-		mochaWebdriver: {
-			options: {
-				timeout: 1000 * 60 * 3
-			},
-			test : {
-				options: {
-					usePhantom: true,
-					usePromises: true
-				},
-				src: ['test/**/*.js']
-			}
-		},
-		watch: {
-			files: ['<%= jshint.files %>'],
-			tasks: ['jshint']
-		},
-		cachebreaker: {
-			dev: {
-				options: {
-					match: [ {
-						'opensourcepos.min.js': 'public/dist/opensourcepos.min.js',
-						'opensourcepos.min.css': 'public/dist/opensourcepos.min.css'
-					} ],
-					replacement: 'md5'
-				},
-				files: {
-					src: ['application/views/partial/header.php', 'application/views/login.php']
-				}
-			}
-		},
-		clean: {
-			license: ['public/bower_components/**/bower.json']
-		},
-		license: {
-			all: {
-				// Target-specific file lists and/or options go here. 
-				options: {
-					// Target-specific options go here. 
-					directory: 'public/bower_components',
-					output: 'public/license/bower.LICENSES'
-				}
-			}
-		},
-		'bower-licensechecker': {
-			options: {
-				/*directory: 'path/to/bower',*/
-				acceptable: [ 'MIT', 'BSD', 'LICENSE.md' ],
-				printTotal: true,
-				warn: {
-					nonBower: true,
-					noLicense: true,
-					allGood: true,
-					noGood: true
-				},
-				log: {
-					outFile: 'public/license/.licenses',
-					nonBower: true,
-					noLicense: true,
-					allGood: true,
-					noGood: true,
-				}
-			}
-		},
-		apigen: {
-			generate:{
-				options: {
-					apigenPath: 'vendor/bin/',
-					source: 'application',
-					destination: 'docs'
-				}
-			}
-		},
-		compress: {
-			main: {
-				options: {
-					mode: 'zip',
-					archive: 'dist/opensourcepos.zip'
-				},
-				files: [
-					{src: ['public/**', 'vendor/**', 'application/**', '!/public/images/menubar/png/', '!/public/dist/bootswatch/', '/public/dist/bootswatch/*/*.css', 'database/**', '*.txt', '*.md', 'LICENSE', 'docker*', 'Dockerfile', '**/.htaccess', '*.csv']}
-				]
-			}
-		}
-	});
-
-    require('load-grunt-tasks')(grunt);
-    grunt.loadNpmTasks('grunt-mocha-webdriver');
-	grunt.loadNpmTasks('grunt-composer');
-	grunt.loadNpmTasks('grunt-apigen');
-    grunt.loadNpmTasks('grunt-contrib-compress');
-    
-    grunt.registerTask('default', ['wiredep', 'bower_concat', 'bowercopy', 'concat', 'uglify', 'cssmin', 'tags', 'cachebreaker']);
-    grunt.registerTask('update', ['composer:update', 'bower:update']);
-    grunt.registerTask('genlicense', ['clean:license', 'license', 'bower-licensechecker']);
-    grunt.registerTask('package', ['default', 'compress']);
-    grunt.registerTask('packages', ['composer:update']);
-    grunt.registerTask('gendocs', ['apigen:generate']);
-
-};

INSTALL.md

@@ -1,128 +1,65 @@
-Server Requirements
--------------------
+## Server Requirements
 
-* PHP version 5.6 to 7.3 are supported. Please note that PHP needs to have `php-gd`, `php-bcmath`, `php-intl`, `php-openssl`, `php-mbstring` and `php-curl` installed and enabled.
+- PHP version `8.1` to `8.4` are supported, PHP version `≤7.4` is NOT supported. Please note that PHP needs to have the extensions `php-json`, `php-gd`, `php-bcmath`, `php-intl`, `php-openssl`, `php-mbstring`, `php-curl` and `php-xml` installed and enabled. An unstable master build can be downloaded in the releases section.
+- MySQL `5.7` is supported, also MariaDB replacement `10.x` is supported and might offer better performance.
+- Apache `2.4` is supported. Nginx should work fine too, see [wiki page here](https://github.com/opensourcepos/opensourcepos/wiki/Local-Deployment-using-LEMP).
+- Raspberry PI based installations proved to work, see [wiki page here](<https://github.com/opensourcepos/opensourcepos/wiki/Installing-on-Raspberry-PI---Orange-PI-(Headless-OSPOS)>).
+- For Windows based installations please read [the wiki](https://github.com/opensourcepos/opensourcepos/wiki). There are closed issues about this subject, as this topic has been covered a lot.
 
-* MySQL 5.5, 5.6 and 5.7 are supported, also MariaDB replacement is supported and apparently offering better performance.
+## Local install
 
-* Apache 2.2 and 2.4 are supported. Also Nginx has been proven to work fine, see [wiki page here](https://github.com/opensourcepos/opensourcepos/wiki/Local-Deployment-using-LEMP)
+First of all, if you're seeing the message `system folder missing` after launching your browser, or cannot find `database.sql`, that most likely means you have cloned the repository and have not built the project.  To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
 
-* Raspberry PI based installations proved to work, see [wiki page here](https://github.com/opensourcepos/opensourcepos/wiki/Installing-on-Raspberry-PI---Orange-PI-(Headless-OSPOS))
+1. Download the a [pre-release for a specific branch](https://github.com/opensourcepos/opensourcepos/releases) or the latest stable [from GitHub here](https://github.com/opensourcepos/opensourcepos/releases). A repository clone will not work unless know how to build the project.
+2. Create/locate a new MySQL database to install Open Source Point of Sale into.
+3. Execute the file `app/Database/database.sql` to create the tables needed.
+4. Unzip and upload Open Source Point of Sale files to the web-server.
+5. Open `.env` file and modify credentials to connect to your database if needed. (First copy .env.example to .env and update)
+7. Go to your install `public` dir via the browser.
+8. Log in using
+   - Username: admin
+   - Password: pointofsale
+9. If everything works, then set the `CI_ENVIRONMENT` variable to `production` in the .env file
+9. Enjoy!
+10. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
 
-* For Windows based installations please read [the wiki](https://github.com/opensourcepos/opensourcepos/wiki) and also existing closed issues as this topic has been covered well in all the variants and issues.
+## Local install using Docker
 
-
-Local install
--------------
-
-First of all, if you're seeing the message **'system folder missing'** after launching your browser, then that means you have cloned the repository and have not built the project properly.
-
-1. Dowload the latest [stable release](https://github.com/opensourcepos/opensourcepos/releases) from github or [unstable build](https://bintray.com/jekkos/opensourcepos/opensourcepos/view/files?sort=updated&order=asc#files) from bintray. A regular repository clone will not work unless you are brave enough to build the whole project!
-2. Create/locate a new mysql database to install open source point of sale into
-3. Execute the file database/database.sql to create the tables needed
-4. unzip and upload Open Source Point of Sale files to web server
-5. Modify application/config/database.php and modify credentials if needed to connect to your database
-6. Modify application/config/config.php encryption key with your own
-7. Go to your point of sale install public dir via the browser
-8. LOGIN using
-  * username: admin 
-  * password: pointofsale
-9. Enjoy
-10. Oops an issue? Please make sure you read the FAQ, wiki page and you checked open and closed issue on GitHub. PHP display_errors is disabled by default. Create an application/config/.env file from the .env.example to enable it in a development environment. 
-
-
-Local install using Docker
---------------------------
-
-From now onwards OSPOS can be deployed using Docker on Linux and Mac, locally or on a host (server).
+OSPOS can be deployed using Docker on Linux, Mac, and Windows. Locally or on a host (server).
 This setup dramatically reduces the number of possible issues as all setup is now done in a Dockerfile.
-Docker runs natively on Mac and Linux. Please refer to the docker documentation for instructions on how to set it up on your platform.
+Docker runs natively on Mac and Linux. Windows requires WSL2 to be installed. Please refer to the Docker documentation for instructions on how to set it up on your platform.
 
-Since OSPOS version 3.3.0 the docker installation offers a reverse proxy based on nginx with a (if local) Self signed certificate termination (aka HTTPS connection).
-Behind the reverse proxy you can access OSPOS using https (port 443) and myPhpAdmin using port 8000.
-Port 80 (standard http) is not available for OSPOS, it's only available for a cert manager service in case of server installation.
+**Be aware that this setup is not suited for production usage! Change the default passwords in the compose file before exposing the containers publicly.**
 
-* To build and run the image, download the latest build from bintray.
-* Install envsubst from https://github.com/a8m/envsubst on your machine
-* Issue the following commands in a terminal with docker installed:
+Start the containers using the following command
 
 ```
-    docker/install-local.sh
+    docker-compose up
 ```
 
-* When required to renew a certificate say (y)es.
-* When the script has terminated to run, wait about a minute before connecting to https://127.0.0.1.
-* The web browser will warn you of a self certificate exception, accept and continue
-* If you do https://127.0.0.1:8000 (port 8000) instead, you would be able to access a phpMyAdmin service connected to OSPOS MariaDB
+## Nginx install using Docker
 
-* To stop the docker issue the following command:
+Since OSPOS version `3.3.0` the Docker installation offers a reverse proxy based on Nginx with a Let's Encrypt TLS certificate termination (aka HTTPS connection).
+Let's Encrypt is a free certificate issuer, requiring a special installation that this Docker installation would take care of for you.
+Any Let's Encrypt TLS certificate renewal will be managed automatically, therefore there is no need to worry about those details.
+
+Before starting your installation, you should edit the `docker/.env` file and configure it to contain the correct MySQL/MariaDB and phpMyAdmin passwords (don't use the defaults!).
+You will also need to register to Let's Encrypt. Configure your host domain name and Let's Encrypt email address in the `docker/.env` file.
+The variable `STAGING` needs to be set to `0` when you are confident your configuration is correct so that Let's Encrypt will issue a final proper TLS certificate.
+
+Follow local install steps, but instead use
+
+```
+    docker/install-nginx.sh
+```
+
+Do **not** use below command on live deployments unless you want to tear everything down. All your disk content will be wiped!
 
 ```
     docker/uninstall.sh
 ```
 
+## Cloud install
 
-Host install using Docker
--------------------------
-
-Since OSPOS version 3.3.0 the docker installation offers a reverse proxy based on nginx with a Letsencrypt TLS certificate termination (aka HTTPS connection).
-Letsencrypt is a free certificate issuer, requiring a special installation that this docker installation would take care for you.
-Any Letsencrypt TLS certificate renewal will be managed automatically for you, therefore there is no need to worry about those details.
-
-Before starting your installation, you would need to edit docker/.env file and configure it to contain the correct MySQL/MariaDB and phpMyAdmin passwords (don't use the defaults!).
-You will also need to register to Letsencrypt and configure your host domain name, Letsencrypt email address in docker/.env file.
-The variable STAGING needs to be set to 0 when you are confident your configuration is correct so that Letsencrypt will issue a final proper TLS certificate.
-
-Follow local install steps, but instead of 
-
-```
-    docker/install-local.sh
-```
-
-use
-
-```
-    docker/install-server.sh
-```
-
-Do not use 
-
-```
-    docker/uninstall.sh
-```
-
-on live deployments unless you want to tear down everything because all your disk content will be wiped out!
-
-
-Cloud install
--------------
-
-If you choose *DigitalOcean*:
-[Through this link](https://m.do.co/c/ac38c262507b), you will get a *$50 credit* for a first month. [Check the wiki](https://github.com/opensourcepos/opensourcepos/wiki/DOCS-USERS-Getting-Started-installations#cloud-deploy-installation) for further instructions on how to install the necessary components.
-
-
-cPanel & SSH Install
---------------------
-
-If you own on a **VPS**, **Dedicated Server**, or **Shared Hosting** running on **cPanel** with **SSH** access:
-
-You can run our Stand-alone [WS-OSPOS-Installer](https://github.com/WebShells/WS-OSPOS-Installer.git), it will handle:
-
-. Database.php config files generation.<br>
-. Creation of db User & Password depending on user's input of Dbname, Username, Password, & Hostname ( No need for phpmyadmin )<br>
-. Imports default Db SQL files in order to run the project.<br>
-
-Usage in **(SSH)**:
-
-git clone https://github.com/WebShells/WS-OSPOS-Installer.git<br>
-chmod +x WS-OSPOS-Installer/Get-POS<br>
-./WS-OSPOS-Installer/Get-POS<br>
-
-or
-
-wget https://github.com/WebShells/WS-OSPOS-Installer/archive/master.zip<br>
-unzip -qq master.zip<br>
-chmod +x WS-OSPOS-Installer-master/Get-POS<br>
-./WS-OSPOS-Installer-master/Get-POS<br>
-
-Answer **DB required questions** and you are ready to run the project on http://localhost/OSPOS/public (localhost to be replaced by the hostname provided during setup).
+If you choose DigitalOcean:
+[Through this link](https://m.do.co/c/ac38c262507b), you will get a [**free $100, 60-day credit**](https://m.do.co/c/ac38c262507b). [Check the wiki](https://github.com/opensourcepos/opensourcepos/wiki/Getting-Started-installations) for further instructions on how to install the necessary components.

LICENSE

@@ -1,49 +1,55 @@
-The MIT License (MIT)
+MIT License
 
-Copyright (c) 2012-2014 pappastech
-Copyright (c) 2012 Alain
-Copyright (c) 2013 Rob Garrison
-Copyright (c) 2013 Parq
-Copyright (c) 2013 Ramel
-Copyright (c) 2013-2019 jekkos
-Copyright (c) 2015-2019 FrancescoUK (aka daN4cat)
-Copyright (c) 2015 Aamir Shahzad (aka asakpke), RoshanTech.com
-Copyright (c) 2015 Toni Haryanto (aka yllumi)
+Copyright (c) 2013-2025 jekkos
+Copyright (c) 2017-2025 objecttothis
+Copyright (c) 2017-2025 odiea
+Copyright (c) 2021-2025 BudsieBuds
+Copyright (c) 2017-2024 Steve Ireland
+Copyright (c) 2018-2024 WebShells
+Copyright (c) 2015-2023 FrancescoUK (aka daN4cat)
+Copyright (c) 2015-2022 Aamir Shahzad (aka asakpke), RoshanTech, eSite.pk
+Copyright (c) 2019-2020 Andriux1990
+Copyright (c) 2018-2019 Erasto Marroquin (aka Erastus)
+Copyright (c) 2019 Loyd Jayme (aka loydjayme25)
+Copyright (c) 2018 Nathan Sas (aka nathanzky)
+Copyright (c) 2018 Emilio Silva (aka emi-silva)
 Copyright (c) 2016-2017 Ramkrishna Mondal (aka RamkrishnaMondal)
-Copyright (c) 2016 Rinaldy@dbarber (aka rnld26)
 Copyright (c) 2016-2017 Jorge Colmenarez (aka jlctmaster), frontuari.com
-Copyright (c) 2017-2019 Steve Ireland
-Copyright (c) 2017-2019 objecttothis
-Copyright (c) 2017-2019 odiea
-Copyright (c) 2017-2019 WebShells / Shady Sh
-Copyright (c) 2017 Jesus Guerrero Botella (aka i92guboj)
+Copyright (c) 2016-2017 Jesus Guerrero Botella (aka i92guboj)
 Copyright (c) 2017 Deep Shah (aka deepshah)
 Copyright (c) 2017 Joshua Fernandez (aka joshua1234511)
 Copyright (c) 2017 asadjaved63
-Copyright (c) 2018 Erasto Marroquin (aka Erastus)
-Copyright (c) 2018 Nathan Sas (aka nathanzky)
-Copyright (c) 2018 Emilio Silva (aka emi-silva)
-Copyright (c) 2019 Loyd Jayme (aka loydjayme25)
+Copyright (c) 2016 Rinaldy@dbarber (aka rnld26)
+Copyright (c) 2015 Toni Haryanto (aka yllumi)
+Copyright (c) 2012-2014 pappastech
+Copyright (c) 2013 Rob Garrison
+Copyright (c) 2013 Parq
+Copyright (c) 2013 Ramel
+Copyright (c) 2012 Alain
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-You cannot claim copyright or ownership of the Software.
-
-Footer signatures "You are using Open Source Point Of Sale" and/or "Open Source Point Of Sale"
-with version, hash and URL link to the original distribution of the code MUST BE RETAINED, 
-MUST BE VISIBLE IN EVERY PAGE and CANNOT BE MODIFIED.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+Additionally, you cannot claim copyright or ownership of the Software.
+
+The footer signatures with version, hash and URL link to the official website
+of the project MUST BE RETAINED, MUST BE VISIBLE IN EVERY PAGE and CANNOT BE
+MODIFIED.
+Footer signatures are in the format
+"© 2010 - current year · opensourcepos.org · version - commit"
+or "Open Source Point of Sale".

README.md

@@ -1,160 +1,143 @@
-[![Download](https://api.bintray.com/packages/jekkos/opensourcepos/opensourcepos/images/download.svg?version=3.3.0) ](https://bintray.com/jekkos/opensourcepos/opensourcepos/3.3.0/link)
-[![Build Status](https://travis-ci.org/opensourcepos/opensourcepos.svg?branch=master)](https://travis-ci.org/opensourcepos/opensourcepos)
-[![Join the chat at https://gitter.im/opensourcepos](https://badges.gitter.im/jekkos/opensourcepos.svg)](https://gitter.im/opensourcepos?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-[![devDependency Status](https://david-dm.org/jekkos/opensourcepos/dev-status.svg)](https://david-dm.org/jekkos/opensourcepos#info=dev)
-[![GitHub version](https://badge.fury.io/gh/jekkos%2Fopensourcepos.svg)](https://badge.fury.io/gh/jekkos%2Fopensourcepos)
-[![Translation status](http://weblate.jpeelaer.net/widgets/ospos/-/svg-badge.svg)](http://weblate.jpeelaer.net/engage/ospos/?utm_source=widget)
+<p align="center"><img src="https://raw.githubusercontent.com/opensourcepos/opensourcepos/master/branding/emblem.svg" alt="Open Source Point of Sale Logo" width="auto" height="200"></p>
+<h3 align="center">Open Source Point of Sale</h3>
 
+<p align="center">
+  <a href="#-introduction">Introduction</a> · <a href="#-live-demo">Demo</a> · <a href="#-installation">Installation</a> · 
+  <a href="#-contributing">Contributing</a> · <a href="#-reporting-bugs">Bugs</a> · <a href="#-faq">FAQ</a> · 
+  <a href="#-keep-the-machine-running">Donate</a> · <a href="#-license">License</a> · <a href="#-credits">Credits</a>
+</p>
 
-Introduction
-------------
+<p align="center">
+<a href="https://app.travis-ci.com/opensourcepos/opensourcepos" target="_blank"><img src="https://api.travis-ci.com/opensourcepos/opensourcepos.svg?branch=master" alt="Build Status"></a>
+<a href="https://app.gitter.im/#/room/#opensourcepos_Lobby:gitter.im?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge" target="_blank"><img src="https://badges.gitter.im/jekkos/opensourcepos.svg" alt="Join the chat at https://app.gitter.im"></a>
+<a href="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos" target="_blank"><img src="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos.svg" alt="Project Version"></a>
+<a href="https://translate.opensourcepos.org/engage/opensourcepos/?utm_source=widget" target="_blank"><img src="https://translate.opensourcepos.org/widgets/opensourcepos/-/svg-badge.svg" alt="Translation Status"></a>
+</p>
 
-Open Source Point of Sale is a web based point of sale system.
-The main features are:
-* Stock management (Items and Kits with extensible list of Attributes)
-* VAT, GST, customer and multi tiers taxation
-* Sale register with transactions logging
-* Quotation and invoicing
-* Expenses logging
-* Cashup
-* Receipt and invoice printing and/or emailing
-* Barcode generation and printing
-* Suppliers and Customers database
-* Multiuser with permission control
-* Reporting on sales, orders, expenses, inventory status
-* Receivings
-* Giftcard
-* Rewards
-* Restaurant tables
-* Messaging (SMS)
-* Multilanguage
-* Selectable Boostrap (Bootswatch) based UI theme
-* Mailchimp integration
-* reCAPTCHA to protect login page from brute force attacks
-* GDPR ready
+## 👋 Introduction
 
-The software is written in PHP language, it uses MySQL (or MariaDB) as data storage back-end and has a simple but intuitive user interface.
+Open Source Point of Sale is a web-based point of sale system. The application is written in PHP, uses MySQL (or MariaDB) as the data storage back-end, and has a simple but intuitive user interface.
 
-The latest 3.x version is a complete overhaul of the original software.
-It is now based on Bootstrap 3 using Bootswatch themes, and still uses CodeIgniter 3 as framework.
-It also has improved functionality and security.
+The latest `3.4` version is a complete overhaul of the original software. It uses CodeIgniter 4 as a framework and is based on Bootstrap 3 using Bootswatch themes. Along with improved functionality and security.
 
-Deployed to a Cloud it's a SaaS (Software as a Service) solution.
+The features include:
 
-DEMO
-----
+- Stock management (items and kits with an extensible list of attributes)
+- VAT, GST, customer, and multi tiers taxation
+- Sale register with transactions logging
+- Quotation and invoicing
+- Expenses logging
+- Cash up function
+- Printing and emailing of receipts, invoices and quotations
+- Barcode generation and printing
+- Database of customers and suppliers
+- Multiuser with permission control
+- Reporting on sales, orders, expenses, inventory status and more
+- Receivings
+- Gift cards
+- Rewards
+- Restaurant tables
+- Messaging (SMS)
+- Multilanguage
+- Selectable Bootstrap based UI theme with Bootswatch
+- MailChimp integration
+- Optional Google reCAPTCHA to protect the login page from brute force attacks
+- GDPR ready
 
-A demo version of the latest master version can be found on our [Demo server](https://demo.opensourcepos.org). This is a containerized install which will be reinitialized when new functionality is added to the code repository.
+## 🧪 Live Demo
 
-LOGIN using
-* username: admin
-* password: pointofsale
+We've got a live version of our latest master running for you to play around with and test everything out. It's a containerized install that will reinitialize when new functionality is merged into our code repository.
 
+You can [find the demo here](https://demo.opensourcepos.org/) and log in with these credentials.  
+👤 Username `admin`  
+🔒 Password `pointofsale`
 
-Installation
-------------
+If you bump into an issue, please check [the status page here](https://status.opensourcepos.org/) to confirm if the server is up and running.
 
-Please **refrain from creating issues** about installation issues **before reading the FAQ and going through existing github issues**. We have a build pipeline that checks the sanity of our latest repository commit and in case the application itself is broken then our build will be as well.
+## 🖥️ Development Demo
 
-This application **can be setup in many different ways** and we only **support the ones described in the INSTALL file linked below**.
+Besides the demo of the latest master, we also have a development server that builds when there's a new commit to our repository. It's mainly used for testing out new code before merging it into the master. [It can be found here](https://dev.opensourcepos.org/).
 
-Read the [INSTALL.md](https://github.com/opensourcepos/opensourcepos/blob/master/INSTALL.md) in our repository.
+The log in credentials are the same as the regular live demo.
 
+## 💾 Installation
 
-License
--------
+Please **refrain from creating issues** about installation problems before having read the FAQ and going through existing GitHub issues. We have a build pipeline that checks the sanity of our latest repository commit, and in case the application itself is broken then our build will be as well.
+
+This application can be set up in _many_ different ways and we only support the ones described in [the INSTALL.md file](INSTALL.md).
+
+For more information and recommendations on support hardware, like receipt printers and barcode scanners, read [this page](https://github.com/opensourcepos/opensourcepos/wiki/Supported-hardware-datasheet) on our wiki.
+
+## ✨ Contributing
+
+Everyone is more than welcome to help us improve this project. If you think you've got something to help us go forward, feel free to open a [pull request]() or join the conversation on [Element](https://app.gitter.im/#/room/#opensourcepos_Lobby:gitter.im).
+
+Want to help translate Open Source Point of Sale in your language? You can find [our Weblate here](https://translate.opensourcepos.org), sign up, and start translating. You can subscribe to different languages to receive a notification once a new string is added or needs updating. Have a look at our [guidelines](https://github.com/opensourcepos/opensourcepos/wiki/Adding-translations) below to help you get started.
+
+Only with the help of the community, we can keep language translations up to date. Thanks!
+
+## 🐛 Reporting Bugs
+
+Before creating a new issue, you'll need copy and include the info under the `System Info` tab in the configuration section in most cases. If that information is not provided in full, your issue might be tagged as pending.
+
+If you're reporting a potential security issue, please refer to our security policy found in the [SECURITY.md](SECURITY.md) file.
+
+NOTE: If you're running non-release code, please make sure you always run the latest database upgrade script and download the latest master code.
+
+## 📖 FAQ
+
+- If you get the message `system folder missing`, then you have cloned the source using git and you need to run a build first. Check [INSTALL.md](INSTALL.md) for instructions or download latest zip file from [GitHub releases](https://github.com/opensourcepos/opensourcepos/releases) instead.
+
+- If at login time you read `The installation is not correct, check your php.ini file.`, please check the error_log in `public` folder to understand what's wrong and make sure you read the [INSTALL.md](INSTALL.md). To know how to enable `error_log`, please read the comment in [issue #1770](https://github.com/opensourcepos/opensourcepos/issues/1770#issuecomment-355177943).
+
+- If you installed your OSPOS under a web server subdir, please edit `public/.htaccess` and go to the lines with the comments `if in web root` or `if in subdir`, uncomment one and replace `<OSPOS path>` with your path, and follow the instruction on the second comment line. If you face more issues, please read [issue #920](https://github.com/opensourcepos/opensourcepos/issues/920) for more information.
+
+- Apache server configurations are SysAdmin issues and not strictly related to OSPOS. Please make sure you can show a "Hello world" HTML page before pointing to OSPOS public directory. Make sure `.htaccess` is correctly configured.
+
+- If the avatar pictures are not shown in items or at item save you get an error, please make sure your `writable` and subdirs are assigned to the correct owner and the access permission is set to `750`.
+
+- If you install OSPOS in Docker behind a proxy that performs `ssloffloading`, you can enable the URL generated to be HTTPS instead of HTTP, by activating the environment variable `FORCE_HTTPS = 1`.
+
+- If you install OSPOS behind a proxy and OSPOS constantly drops your session, consider whitelisting the proxy IP address by setting `public array $proxyIPs = [];` in the [main PHP config file](https://github.com/opensourcepos/opensourcepos/blob/master/app/Config/App.php).
+
+- If you have suhosin installed and face an issue with CSRF, please make sure you read [issue #1492](https://github.com/opensourcepos/opensourcepos/issues/1492).
+
+- PHP `≥ 8.1` is required to run this app.
+
+## 🏃 Keep the Machine Running
+
+If you like our project, please consider buying us a coffee through the button below so we can keep adding features.
+
+[![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MUN6AEG7NY6H8)\
+Or refer to the [FUNDING.yml](.github/FUNDING.yml) file.
+
+If you choose to deploy OSPOS in the cloud, you can contribute to the project by using DigitalOcean and signing up through our referral link. You'll receive a [free $200, 60-day credit](https://m.do.co/c/ac38c262507b) if you run OSPOS in a DigitalOcean droplet through [our referral link](https://m.do.co/c/ac38c262507b).
+
+## 📄 License
 
 Open Source Point of Sale is licensed under MIT terms with an important addition:
 
-_The footer signature "You are using Open Source Point Of Sale" with version, 
-hash and link to the original distribution of the code MUST BE RETAINED, 
-MUST BE VISIBLE IN EVERY PAGE and CANNOT BE MODIFIED._
+The footer signature "© 2010 - _current year_ · opensourcepos.org · 3.x.x - _hash_" including the version, hash and link to our website MUST BE RETAINED, MUST BE VISIBLE IN EVERY PAGE and CANNOT BE MODIFIED.
 
 Also worth noting:
 
-_The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software._
+_The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software._
 
-For more details please read the file [LICENSE](https://github.com/opensourcepos/opensourcepos/blob/master/LICENSE).
+For more details please read the [LICENSE](LICENSE) file.
 
-It's important to understand that althought you are free to use the software the copyright stays and the license agreement applies in all cases.
-Therefore any actions like:
+It's important to understand that although you are free to use the application, the copyright has to stay and the license agreement applies in all cases. Therefore, any actions like:
 
-- Removing LICENSE and any license files is prohibited
+- Removing LICENSE and/or any license files is prohibited
 - Authoring the footer notice replacing it with your own or even worse claiming the copyright is absolutely prohibited
 - Claiming full ownership of the code is prohibited
 
-In short you are free to use the software but you cannot claim any property on it.
+In short, you are free to use the application, but you cannot claim any property on it.
 
-Any person or company found breaching the license agreement will have a bunch of monkeys at the door ready to destroy their servers.
+Any person or company found breaching the license agreement might find a bunch of monkeys at the door ready to destroy their servers.
 
+## 🙏 Credits
 
-Keep the Machine Running
-------------------------
-
-If you like the project, and you are making money out of it in some form, then consider buying us a coffee so we can keep adding features.
-
-[![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MUN6AEG7NY6H8)
-
-
-Language Translations
----------------------
-
-To help us with OSPOS translations please use [Weblate website here](http://translate.opensourcepos.org) and sign up. After registering you can subscribe to different languages and you will be notified once a new translation is added.
-
-Please also read the [wiki page here](https://github.com/opensourcepos/opensourcepos/wiki/Adding-translations) to find our Translations Guideline.
-
-Only with the help of the community we can keep language translations up to date.
-
-
-Reporting Bugs
---------------
-
-If you are taking a release candidate code please make sure you always run the latest database upgrade script and you took the latest code from master.
-Please DO NOT post issues if you have not completed this step.
-
-- Versions **≥ 3.3.0**:
-
-Please **Copy** the info under **System Info tab in configuration section** in order to give us the required details.
-
-- Versions **< 3.2.3**:
-
-Bug reports must follow the below schema:
-
-1. Ospos **version string with git commit hash** (see ospos footer)
-2. OS name and version running your Web Server (e.g. CentOS 6.9, Ubuntu 16.4, Windows 10)
-3. Web Server name and version (e.g. Apache 2.2, Apache 2.4, Nginx 1.12, Nginx 1.13)
-4. Database name and version (e.g. MySQL 5.5, MySQL 5.6, MySQL 5.7, MariaDB 10.0, MariaDB 10.1, MariaDB 10.2)
-5. PHP version (e.g. 5.6, 7.0, 7.1, 7.2, 7.3)
-6. Language selected in OSPOS (e.g. English, Spanish)
-7. Any configuration of OSPOS that you changed
-8. Exact steps to reproduce the issue (test case)
-9. Optionally some screenshots to illustrate each step
-
-If above information is not provided in full, your issue will be tagged as pending.
-If missing information is not provided within a week we will close your issue.
-
-
-FAQ
----
-
-* If you are seeing the message **system folder missing**, then you have cloned the source using git and you need to run a build *first*. Check [INSTALL.md](https://github.com/opensourcepos/opensourcepos/blob/master/INSTALL.md) for instructions or download latest zip file from [bintray](https://bintray.com/jekkos/opensourcepos/opensourcepos/view/files?sort=updated&order=desc#files) instead.
-
-* If at login time you read "The installation is not correct, check your php.ini file.", please check the error_log in public folder to understand what's wrong and make sure you read the [INSTALL.md](https://github.com/opensourcepos/opensourcepos/blob/master/INSTALL.md). To know how to enable error_log, please read the comment in [issue 1770](https://github.com/opensourcepos/opensourcepos/issues/1770#issuecomment-355177943).
-
-* If you installed your OSPOS under a web server subdir, please edit public/.htaccess and go to the lines with comment `if in web root` and `if in subdir comment above line, uncomment below one and replace <OSPOS path> with your path` and follow the instruction on the second comment line. If you face more issues please read [issue #920](https://github.com/opensourcepos/opensourcepos/issues/920) for more help.
-
-* Apache server configurations are SysAdmin issues and not strictly related to OSPOS. Please make sure you first can show a "hello world" html page before pointing to OSPOS public directory. Make sure .htaccess is correctly configured.
-
-* If the avatar pictures are not shown in Items or at Item save time you get an error, please make sure your public and subdirs are assigned to the correct owner and the access permission is set to 755.
-
-* If you install ospos in docker behind a proxy that performs ssloffloading, you can enable the url generated to be https instead of http, by activating the environment variable FORCE_HTTPS = 1.
-
-* If you have suhosin installed and face an issue with CSRF, please make sure you read [issue #1492](https://github.com/opensourcepos/opensourcepos/issues/1492).
-
-Credits
--------
-|JetBrains|Travis CI|
-|:-:|:-:|
-|![IntelliJ IDEA](https://raw.githubusercontent.com/wiki/j-easy/easy-batch/images/logo/intellijidea-logo.png)|[Travis CI](https://travis-ci.com/images/logos/TravisCI-Full-Color.png)|
-|Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS|Many thanks to [Travis CI](https://travis-ci.org) for providing a free continuous integration service for open source projects.|
+| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">Travis CI</div> |
+| --- | --- | --- |
+| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://www.travis-ci.com/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/71cc2b44-83af-4510-a543-6358285f43c6" alt="Travis CI Logo" height="50"></a></div> |
+| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [Travis CI](https://www.travis-ci.com/) for providing a free continuous integration service for open source projects. |

SECURITY.md

@@ -0,0 +1,25 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+
+- [Security Policy](#security-policy)
+  - [Supported Versions](#supported-versions)
+  - [Reporting a Vulnerability](#reporting-a-vulnerability)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities. Which versions are eligible to receive such patches depend on the CVSS v3.0 Rating:
+
+| CVSS v3.0 | Supported Versions                                 |
+| --------- | -------------------------------------------------- |
+| 7.3       | 3.3.5                                              |
+| 9.8       | 3.3.6                                              |
+| 6.8       | 3.4.2                                              |
+
+## Reporting a Vulnerability
+
+Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

UPGRADE.md

@@ -0,0 +1,20 @@
+## How to Upgrade
+
+> [!WARNING]
+> Not updated for upcoming CodeIgniter4 release (3.4.0 and subsequent versions).
+
+1. Back up all your current database and OSPOS code.
+2. Make sure you have a copy of `application/config/config.php` and `application/config/database.php`.
+3. Remove all directories.
+4. Install the new OSPOS.
+5. (Only applicable if upgrading from pre `3.0.0`) Run the database upgrade scripts from `database` dir (check which ones you need according to the version you are upgrading from).
+6. Take the saved old `config.php` and upgrade the new `config.php` with any additional changes you made in the old.
+   Take time to understand if new config rules require some changes (e.g. encryption keys).
+7. Take the saved old `database.php` and change the new `database.php` to contain all the configurations you had in the old setup.
+   Please try not to use the old layout, use the new one and copy the content of the config variables.
+8. Restore the content of the old `uploads` folder into `public/uploads` one.
+9. Once the new code is in place, the database is manually updated, and the config files are in place, you're good to go.
+10. The first login will take longer because OSPOS post `3.0.0` will upgrade automatically to the latest version.
+11. If everything went according to plan, you'll be able to use your upgraded version of OSPOS.
+12. Still have issues? Please check the [README](README.md) and [GitHub issues](https://github.com/opensourcepos/opensourcepos/issues).
+    Maybe a similar issue has already been reported, and you can find your answer there.

UPGRADE.txt

@@ -1,16 +0,0 @@
-How to Upgrade
--------------------------
-1. Backup all your current database and OSPOS code
-2. Make sure you have a copy of application/config/config.php and application/config/database.php
-3. Remove all directories
-4. Install the new OSPOS
-5. (Only applicable if upgrading from pre 3.0.0) Run the database upgrade scripts from database/ dir (check which ones you need according to the version you are upgrading from)
-6. Take the saved old config.php and upgrade the new config.php with any additional changes you made in the old.
-   Take time to understand if new config rules require some changes (e.g. encryption keys)
-7. Take the saved old database.php and change the new database.php to contain all the configuration you had in the old setup.
-   Please try not to use the old layout, use the new one and just copy the content of the config variables
-8. Restore the content of the old uploads/ folder into public/uploads/ one
-9. Once the new code is in place, database is manually updated and config files are sorted you are good to start the new OSPOS
-10. The first login will take longer because OSPOS post 3.0.0 will upgrade automatically to the latest version
-11. Now you can use OSPOS
-12. If any issue please check README, FAQ and GitHub issues as somebody else might have had your problem already before creating a new issue

WHATS_NEW.txt

@@ -1,263 +0,0 @@
-Version 3.3.0
--------------
-+ New logo
-+ Code Igniter 3.1.11 upgrade
-+ PHP 7.3 support
-+ Attributes feature (allows extensibility of Items replacing old custom fields)
-+ India GST Tax support + various Tax support improvements
-+ Cashup feature
-+ Temporary items feature
-+ Fixed Sales Discount
-+ Supplier category feature
-+ Improved Items import and csv file generation (to contain additional attributes)
-+ Improved Docker installation with nginx reverse proxy using Let's encrypt TLS certificate
-+ Database performance improvements
-+ Added and Updated translations
-+ Fixed various reports issues
-+ Fixed rounding issues
-+ Fixed CSRF issues
-+ Fixed database upgrade script issues
-+ Various bug fixes
-
-Version 3.2.3
--------------
-+ Further revert of CSRF change causing regression
-+ Code Igniter 3.1.9 upgrade
-
-Version 3.2.2
--------------
-+ Revert CSRF change causing regression
-
-Version 3.2.1
--------------
-+ Support for GDPR
-+ CSRF simplifications
-+ Translation upgrades
-+ Various bug fixes
-
-Version 3.2.0
--------------
-+ Code Igniter 3.1.8 upgrade
-+ PHP 7.2 support (use OpenSSL and not MCrypt)
-+ Automatic database upgrades from vs 3.0.0 at first login (no more sql scripts)
-+ Home and (back) Office menu switch (top menu can be organised in two views)
-+ Expenses feature
-+ Quote, Work Order features
-+ Improved Invoice support
-+ Sale suspend, soft delete, complete as state not as different tables or hard delete
-+ Restore deleted Sales
-+ Improved Items Kits
-+ Export tables all records and export to pdf
-+ Table sticky header (headers visible during scrolling)
-+ Allow duplicate barcodes (Config option)
-+ Search suggestion formatting (Config option)
-+ Define print and email checkboxes behaviour (Config option)
-+ Edit customer from sale register
-+ Added and Updated translations
-+ Various Jquery plugins upgrade
-+ Fixed permission issues (e.g. password change)
-+ Fixed various reports issues and renamed Sales to Transactions
-+ Various bug fixes (e.g. Tax, Rounding, Library circular dependency)
-
-Version 3.1.1
--------------
-+ Updated en-US and en-GB translations, better grammar and consistency
-+ Fixed database migration issue with VAT tax included
-+ Fixed database backup bug
-+ Fixed Gift card error
-+ Fixed database upgrade to 3.1.x script (now it's to 3.1.1 and there is no 3.1.0 anymore)
-+ Fixed old database upgrade scripts for people upgrading from 2.x versions
-+ Fixed .htaccess file in opensourcepos root dir (it was not forwarding to public subdir)
-+ Fixed few jQuery 2.0 upgrade issues
-
-Version 3.1.0
--------------
-+ MySQL 5.7 and PHP 7.x support
-+ Advanced Tax support with customer tax categories and etc,
-+ Better HORECA use case support with Dinner Table sale tagging
-+ Customer Rewards support
-+ Added quote support and better invoice support
-+ Added integration with Mailchimp to connect Customer list with Mailchimp list
-+ Prevent inserting two customers with same email address
-+ Customer total spending and stats
-+ Added reCAPTCHA to Login page to increase protection from Brute Force attacks
-+ Added due payment for credit sale support
-+ Gifcard numbering with two options: Series and Random
-+ Extended Item Kits functionality
-+ Employee allowed to change their own password clicking their name on top bar
-+ Cash rounding support, extended decimals
-+ Reworked Item Pictures and file name and storing
-+ Financial year start date and selection from date range pickers
-+ Date time range filters can be date & time or date only
-+ Added two new Bootswatch themes
-+ Receipts font size support
-+ Fix automatically people's name first capital letter, emails in lower case only
-+ Fixes to Receiving
-+ Various amendments to database script updates from older versions
-+ Added dotenv support
-+ Updates to language translations (split English to American English and British English)
-+ Various Dockers support improvements
-+ Minor bugfixes
-
-Version 3.0.2
--------------
-+ Fixed error when performing scans multiple times in a row
-+ Fixed summary reports
-+ Protect Employee privacy printing just the first letter of the family name
-+ Updates to language translations
-+ Various Dockers support improvements
-+ Minor bugfixes
-
-Version 3.0.1
--------------
-+ *CodeIgniter 3.1.2 Upgrade*
-+ *Substantial database performance improvements*
-+ *Improved security: email and sms passwords encryption, removed phpinfo.php*
-+ *Set code to be production and not development in index.php*
-+ *Reports improvements, fixed table sorting, tax calculation and made profit to be net profit*
-+ Better Apache 2.4 support in .htaccess
-+ Updates to language translations
-+ Fixed excel template download links
-+ Fixed employee name in Sale receipt and invoice reprinting
-+ Fixed 2.3.2_to_2.3.3.sql database upgrade script mistake
-+ Fixed phppos to ospos database migration script
-+ Minor bugfixes and some general code clean up
-
-Version 3.0.0
--------------
-+ *CodeIgniter 3.1 Upgrade*
-+ Major UI overhaul based on *Boostrap 3.0 and Bootswatch Themes*
-+ New tabular views with advanced filtering using *Bootstrap Tables*
-+ New graphical reports with no more Adobe flash dependency
-+ Redesign of all modal dialogs
-+ Updated Sales register with simplified payment flow
-+ *Improved security: MySQL injection, XSS, CSFR, BCrypt password encryption, safer project layout*
-+ Support for TXT messaging (interfacing to specific support required)
-+ Email configuration
-+ Improved Localisation support
-+ Improved Store Config page
-+ Docker container ready for Cloud installation
-+ Composer PHP support
-+ More languages and integration with Weblate for continuous translation
-+ About 280 closed issues under 3.0.0 release label, too many to produce a meaningful list
-+ Various code cleanup, refactoring, optimisation and etc.
-
-Version 2.4.0
--------------
-+ *CodeIgniter 3.0.5* Upgrade (please read UPGRADE.txt)
-+ Fix for spurious logouts
-+ Apache .htaccess mod_expiry caching and security optimizations
-+ Bulk item edit fixes (category, tax and supplier fields)
-+ Remove f-key shortcuts used for module navigation
-+ Allow to use custom invoice numbers when suspending sale
-+ PHP7 fixes
-+ Specific warnings to distinguish between reorder level and out of stock situation in sales
-+ Fix malware detection issues due to usage of base64 encoding for storing session variables
-+ Improve language generation scripts (use PHP builtin functionality)
-+ Add extra buttons for navigation and printing to receipt and invoice
-+ Improve print layout for invoices
-+ Make layout consistent for items between receipt and invoice templates
-+ Minor bugfixes
- 
-Version 2.3.4
--------------
-+ Migration script fixes
-+ Improved continuous integration setup
-+ More integration tests
-+ Virtualized container setup (docker install)
-+ Live clock functionality + favicon
-+ Improved PHP 7 compatbility
-+ Added de_CH (German) as language 
-+ Minor code cleanup
-+ Removal of annoying backup prompt on logout
-
-Version 2.3.3
--------------
-+ Item kit fixes (search, list, ..)
-+ Add datepicker widgets in sale/receiving edit forms
-+ Add date filter in items module
-+ Add barcode generation logic for EAN8, EAN13
-+ Add barcode validation + fallback logic for EAN8, EAN13
-+ New config option to generate barcodes if item_number empty
-+ Add cost + count to inventory reports
-+ Giftcard fixes
-+ Refactor sales overview (added date filtering + search options)
-+ Better locale config support
-+ Improve php compatibility
-+ Fix invoice numbering bug on suspend
-+ Add configurable locale-dependent dateformat
-+ Add grunt-cache-breaker plugin
-+ Suspend button appeaers before adding a payment
-+ Searching of deleted items, filtering part is removed
-+ Remove infamous "0" after leaving sale or receiving comments empty
-+ Add SQL script to clean zeroes in sales/receivings comments
-+ Numerous other bug fixes
-
-Version 2.3.2
--------------
-+ Nominatim (OpenStreetMap) customer address autocompletion
-+ Sale invoice templating
-+ Configurable barcode generation for items
-+ Stock location filtering in detailed sales and receivings reports
-+ Giftcards bugfixes
-+ Proper pagination support for most modules
-+ Language updates
-+ Bugfix for decimal taxrates
-+ Add gender + company name attributes to customer
-+ Stock location config screen refactor
-+ Basic travis-ci + phantomJs setup
-+ Database backup on admin logout
-+ Modifiable item thumbnails
-+ Email invoice PDF generation using DomPDF
-+ Modifiable company logo
-+ jQuery upgrade (1.2 -> 1.8.3)
-+ Javascript minification (using grunt)
-+ Numerous bugfixes
-
-Version 2.3.1
--------------
-+ Extra report permissions (this includes a refactoring of the database model - new grants table)
-+ Tax inclusive/exclusive pricing
-+ Receivings amount multiplication (can be configured in items section)
-+ Customizable sale and receiving numbering
-+ Giftcard improvements
-+ Fix item import through csv
-+ Bug fixes for reports
-
-Version 2.3.0
--------------
-+ Support for multiple stock locations
-
-Version 2.2.2
--------------
-+ French language added
-+ Thai language added
-+ Upgrade to CodeIgniter 2.2 (contains several security fixes)
-+ Database types for amounts all changed to decimal types (this will fix rounding errors in the sales and receivings reports) the rest of the application
-+ Fix duplicated session cookies in http headers (this broke the application when running on nginx)
-
-Version 2.1.1
----------------
-+ Barcodes on the order receipt weren't generated correctly
-+ Sales edit screen for detailed sales reports is now available with thickbox as in the rest of the application
-+ Indonesian language files updated (Oktafianus)
-+ Default language set to 'en' in config.php
-+ Fix some css bugs in suspended sales section
-+ Default cookie sess_time_expire set to 86400 (24h)
-
-Version 2.1.0
--------------
-+ Various upgrades, too numerous to list here.
-+ Removed dependancy on ofc upload library due to vulnerability found.
-
-Version 2.0.2
--------------
-+ Fixed multiple giftcards issue per Bug #4 reported on Sourceforge where a
-  second giftcard added would have its balance set to $0 even if the sale did
-  not require the total of the second giftcard to pay the remaining amount due.
-+ Small code cleanup
-
-Version 2.1.0
--------------
-* Upgrade to CodeIgniter 2.1.0
-* Various small improvements

app/.htaccess

@@ -0,0 +1,6 @@
+<IfModule authz_core_module>
+	Require all denied
+</IfModule>
+<IfModule !authz_core_module>
+	Deny from all
+</IfModule>

app/Common.php

@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * The goal of this file is to allow developers a location
+ * where they can overwrite core procedural functions and
+ * replace them with their own. This file is loaded during
+ * the bootstrap process and is called during the framework's
+ * execution.
+ *
+ * This can be looked at as a `master helper` file that is
+ * loaded early on, and may also contain additional functions
+ * that you'd like to use throughout your entire application
+ *
+ * @see: https://codeigniter.com/user_guide/extending/common.html
+ */

app/Config/App.php

@@ -0,0 +1,291 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Session\Handlers\DatabaseHandler;
+
+class App extends BaseConfig
+{
+    /**
+     * This is the code version of the Open Source Point of Sale you're running.
+     *
+     * @var string
+     */
+    public string $application_version = '3.4.2';
+
+    /**
+     * This is the commit hash for the version you are currently using.
+     *
+     * @var string
+     */
+    public string $commit_sha1 = 'dev';
+
+    /**
+     * Logs are stored in writable/logs
+     *
+     * @var bool
+     */
+    public bool $db_log_enabled = false;
+
+    /**
+     * DB Query Log only long-running queries
+     *
+     * @var bool
+     */
+    public bool $db_log_only_long = false;
+
+    /**
+     * Defines whether to require/reroute to HTTPS
+     *
+     * @var bool
+     */
+    public bool $https_on;    // Set in the constructor
+
+    /**
+     * --------------------------------------------------------------------------
+     * Base Site URL
+     * --------------------------------------------------------------------------
+     *
+     * URL to your CodeIgniter root. Typically, this will be your base URL,
+     * WITH a trailing slash:
+     *
+     * E.g., http://example.com/
+     */
+    public string $baseURL;    // Defined in the constructor
+
+    /**
+     * Allowed Hostnames in the Site URL other than the hostname in the baseURL.
+     * If you want to accept multiple Hostnames, set this.
+     *
+     * E.g.,
+     * When your site URL ($baseURL) is 'http://example.com/', and your site
+     * also accepts 'http://media.example.com/' and 'http://accounts.example.com/':
+     *     ['media.example.com', 'accounts.example.com']
+     *
+     * @var list<string>
+     */
+    public array $allowedHostnames = [];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Index File
+     * --------------------------------------------------------------------------
+     *
+     * Typically, this will be your `index.php` file, unless you've renamed it to
+     * something else. If you have configured your web server to remove this file
+     * from your site URIs, set this variable to an empty string.
+     */
+    public string $indexPage = '';
+
+    /**
+     * --------------------------------------------------------------------------
+     * URI PROTOCOL
+     * --------------------------------------------------------------------------
+     *
+     * This item determines which server global should be used to retrieve the
+     * URI string. The default setting of 'REQUEST_URI' works for most servers.
+     * If your links do not seem to work, try one of the other delicious flavors:
+     *
+     *  'REQUEST_URI': Uses $_SERVER['REQUEST_URI']
+     * 'QUERY_STRING': Uses $_SERVER['QUERY_STRING']
+     *    'PATH_INFO': Uses $_SERVER['PATH_INFO']
+     *
+     * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
+     */
+    public string $uriProtocol = 'REQUEST_URI';
+
+    /*
+    |--------------------------------------------------------------------------
+    | Allowed URL Characters
+    |--------------------------------------------------------------------------
+    |
+    | This lets you specify which characters are permitted within your URLs.
+    | When someone tries to submit a URL with disallowed characters they will
+    | get a warning message.
+    |
+    | As a security measure you are STRONGLY encouraged to restrict URLs to
+    | as few characters as possible.
+    |
+    | By default, only these are allowed: `a-z 0-9~%.:_-`
+    |
+    | Set an empty string to allow all characters -- but only if you are insane.
+    |
+    | The configured value is actually a regular expression character group
+    | and it will be used as: '/\A[<permittedURIChars>]+\z/iu'
+    |
+    | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
+    |
+    */
+    public string $permittedURIChars = 'a-z 0-9~%.:_\-=';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Default Locale
+     * --------------------------------------------------------------------------
+     *
+     * The Locale roughly represents the language and location that your visitor
+     * is viewing the site from. It affects the language strings and other
+     * strings (like currency markers, numbers, etc), that your program
+     * should run under for this request.
+     */
+    public string $defaultLocale = 'en';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Negotiate Locale
+     * --------------------------------------------------------------------------
+     *
+     * If true, the current Request object will automatically determine the
+     * language to use based on the value of the Accept-Language header.
+     *
+     * If false, no automatic detection will be performed.
+     */
+    public bool $negotiateLocale = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Supported Locales
+     * --------------------------------------------------------------------------
+     *
+     * If $negotiateLocale is true, this array lists the locales supported
+     * by the application in descending order of priority. If no match is
+     * found, the first locale will be used.
+     *
+     * IncomingRequest::setLocale() also uses this list.
+     *
+     * @var list<string>
+     */
+    public array $supportedLocales = [
+        'ar-EG',
+        'ar-LB',
+        'az',
+        'bg',
+        'bs',
+        'ckb',
+        'cs',
+        'da',
+        'de-CH',
+        'de-DE',
+        'el',
+        'en',
+        'en-GB',
+        'es-ES',
+        'es-MX',
+        'fa',
+        'fr',
+        'he',
+        'hr-HR',
+        'hu',
+        'hy',
+        'id',
+        'it',
+        'km',
+        'lo',
+        'ml',
+        'nb',
+        'nl-BE',
+        'nl-NL',
+        'pl',
+        'pt-BR',
+        'ro',
+        'ru',
+        'sv',
+        'ta',
+        'th',
+        'tl',
+        'tr',
+        'uk',
+        'ur',
+        'vi',
+        'zh-Hans',
+        'zh-Hant',
+    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Application Timezone
+     * --------------------------------------------------------------------------
+     *
+     * The default timezone that will be used in your application to display
+     * dates with the date helper, and can be retrieved through app_timezone()
+     *
+     * @see https://www.php.net/manual/en/timezones.php for list of timezones
+     *      supported by PHP.
+     */
+    public string $appTimezone = 'UTC';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Default Character Set
+     * --------------------------------------------------------------------------
+     *
+     * This determines which character set is used by default in various methods
+     * that require a character set to be provided.
+     *
+     * @see http://php.net/htmlspecialchars for a list of supported charsets.
+     */
+    public string $charset = 'UTF-8';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Force Global Secure Requests
+     * --------------------------------------------------------------------------
+     *
+     * If true, this will force every request made to this application to be
+     * made via a secure connection (HTTPS). If the incoming request is not
+     * secure, the user will be redirected to a secure version of the page
+     * and the HTTP Strict Transport Security (HSTS) header will be set.
+     */
+    public bool $forceGlobalSecureRequests = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Reverse Proxy IPs
+     * --------------------------------------------------------------------------
+     *
+     * If your server is behind a reverse proxy, you must whitelist the proxy
+     * IP addresses from which CodeIgniter should trust headers such as
+     * X-Forwarded-For or Client-IP in order to properly identify
+     * the visitor's IP address.
+     *
+     * You need to set a proxy IP address or IP address with subnets and
+     * the HTTP header for the client IP address.
+     *
+     * Here are some examples:
+     *     [
+     *         '10.0.1.200'     => 'X-Forwarded-For',
+     *         '192.168.5.0/24' => 'X-Real-IP',
+     *     ]
+     *
+     * @var array<string, string>
+     */
+    public array $proxyIPs = [];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Content Security Policy
+     * --------------------------------------------------------------------------
+     *
+     * Enables the Response's Content Secure Policy to restrict the sources that
+     * can be used for images, scripts, CSS files, audio, video, etc. If enabled,
+     * the Response object will populate default values for the policy from the
+     * `ContentSecurityPolicy.php` file. Controllers can always add to those
+     * restrictions at run time.
+     *
+     * For a better understanding of CSP, see these documents:
+     *
+     * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+     * @see http://www.w3.org/TR/CSP/
+     */
+    public bool $CSPEnabled = false;    // TODO: Currently CSP3 tags are not supported so enabling this causes problems with script-src-elem, style-src-attr and style-src-elem
+
+    public function __construct()
+    {
+        parent::__construct();
+        $this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] == 'true');
+        $this->baseURL = $this->https_on ? 'https' : 'http';
+        $this->baseURL .= '://' . ((isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost') . '/';
+        $this->baseURL .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
+    }
+}

app/Config/Autoload.php

@@ -0,0 +1,211 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\AutoloadConfig;
+
+/**
+ * -------------------------------------------------------------------
+ * AUTOLOADER CONFIGURATION
+ * -------------------------------------------------------------------
+ *
+ * This file defines the namespaces and class maps so the Autoloader
+ * can find the files as needed.
+ *
+ * NOTE: If you use an identical key in $psr4 or $classmap, then
+ *       the values in this file will overwrite the framework's values.
+ *
+ * NOTE: This class is required prior to Autoloader instantiation,
+ *       and does not extend BaseConfig.
+ *
+ * @immutable
+ */
+class Autoload extends AutoloadConfig
+{
+    /**
+     * -------------------------------------------------------------------
+     * Namespaces
+     * -------------------------------------------------------------------
+     * This maps the locations of any namespaces in your application to
+     * their location on the file system. These are used by the autoloader
+     * to locate files the first time they have been instantiated.
+     *
+     * The 'Config' (APPPATH . 'Config') and 'CodeIgniter' (SYSTEMPATH) are
+     * already mapped for you.
+     *
+     * You may change the name of the 'App' namespace if you wish,
+     * but this should be done prior to creating any namespaced classes,
+     * else you will need to modify all of those classes for this to work.
+     *
+     * @var array<string, list<string>|string>
+     */
+    public $psr4 = [
+        APP_NAMESPACE => APPPATH,
+        'Config'      => APPPATH . 'Config',
+        'dompdf'      => APPPATH . 'ThirdParty/dompdf/src'
+    ];
+
+    /**
+     * -------------------------------------------------------------------
+     * Class Map
+     * -------------------------------------------------------------------
+     * The class map provides a map of class names and their exact
+     * location on the drive. Classes loaded in this manner will have
+     * slightly faster performance because they will not have to be
+     * searched for within one or more directories as they would if they
+     * were being autoloaded through a namespace.
+     *
+     * Prototype:
+     *   $classmap = [
+     *       'MyClass'   => '/path/to/class/file.php'
+     *   ];
+     *
+     * @var array<string, string>
+     */
+    public $classmap = [
+        // Controllers
+        'Attributes'          => '/App/Controllers/Attributes.php',
+        'Cashups'             => '/App/Controllers/Cashups.php',
+        'Config'              => '/App/Controllers/Config.php',
+        'Customers'           => '/App/Controllers/Customers.php',
+        'Employees'           => '/App/Controllers/Employees.php',
+        'Expenses'            => '/App/Controllers/Expenses.php',
+        'Expenses_categories' => '/App/Controllers/Expenses_categories.php',
+        'Giftcards'           => '/App/Controllers/Giftcards.php',
+        'Home'                => '/App/Controllers/Home.php',
+        'Item_kits'           => '/App/Controllers/Item_kits.php',
+        'Items'               => '/App/Controllers/Items.php',
+        'Login'               => '/App/Controllers/Login.php',
+        'Messages'            => '/App/Controllers/Messages.php',
+        'No_access'           => '/App/Controllers/No_access.php',
+        'Office'              => '/App/Controllers/Office.php',
+        'Persons'             => '/App/Controllers/Persons.php',
+        'Receivings'          => '/App/Controllers/Receivings.php',
+        'Reports'             => '/App/Controllers/Reports.php',
+        'Sales'               => '/App/Controllers/Sales.php',
+        'Secure_Controller'   => '/App/Controllers/Secure_Controller.php',
+        'Suppliers'           => '/App/Controllers/Suppliers.php',
+        'Tax_categories'      => '/App/Controllers/Tax_categories.php',
+        'Tax_codes'           => '/App/Controllers/Tax_codes.php',
+        'Tax_jurisdictions'   => '/App/Controllers/Tax_jurisdictions.php',
+        'Taxes'               => '/App/Controllers/Taxes.php',
+
+        // Models
+        'Appconfig'        => '/App/Models/Appconfig.php',
+        'Attribute'        => '/App/Models/Attribute.php',
+        'Cashup'           => '/App/Models/Cashup.php',
+        'Customer'         => '/App/Models/Customer.php',
+        'Customer_rewards' => '/App/Models/Customer_rewards.php',
+        'Dinner_table'     => '/App/Models/Dinner_table.php',
+        'Employee'         => '/App/Models/Employee.php',
+        'Expense'          => '/App/Models/Expense.php',
+        'Expense_category' => '/App/Models/Expense_category.php',
+        'Giftcard'         => '/App/Models/Giftcard.php',
+        'Inventory'        => '/App/Models/Inventory.php',
+        'Item_kit'         => '/App/Models/Item_kit.php',
+        'Item_kit_items'   => '/App/Models/Item_kit_items.php',
+        'Item_quantity'    => '/App/Models/Item_quantity.php',
+        'Item_taxes'       => '/App/Models/Item_taxes.php',
+        'Module'           => '/App/Models/Module.php',
+        'Person'           => '/App/Models/Person.php',
+        'Receiving'        => '/App/Models/Receiving.php',
+        'Rewards'          => '/App/Models/Rewards.php',
+        'Sale'             => '/App/Models/Sale.php',
+        'Stock_location'   => '/App/Models/Stock_location.php',
+        'Supplier'         => '/App/Models/Supplier.php',
+        'Tax'              => '/App/Models/Tax.php',
+        'Tax_category'     => '/App/Models/Tax_category.php',
+        'Tax_code'         => '/App/Models/Tax_code.php',
+        'Tax_jurisdiction' => '/App/Models/Tax_jurisdiction.php',
+
+        // Reports
+        'Report'                      => '/App/Models/Reports/Report.php',
+        'Detailed_receiving'          => '/App/Models/Reports/Detailed_receiving.php',
+        'Detailed_sales'              => '/App/Models/Reports/Detailed_sales.php',
+        'Inventory_low'               => '/App/Models/Reports/Inventory_low.php',
+        'Inventory_summary'           => '/App/Models/Reports/Inventory_summary.php',
+        'Specific_customer'           => '/App/Models/Reports/Specific_customer.php',
+        'Specific_discount'           => '/App/Models/Reports/Specific_discount.php',
+        'Specific_employee'           => '/App/Models/Reports/Specific_employee.php',
+        'Specific_supplier'           => '/App/Models/Reports/Specific_supplier.php',
+        'Summary_categories'          => '/App/Models/Reports/Summary_categories.php',
+        'Summary_customers'           => '/App/Models/Reports/Summary_customers.php',
+        'Summary_discounts'           => '/App/Models/Reports/Summary_discounts.php',
+        'Summary_employees'           => '/App/Models/Reports/Summary_employees.php',
+        'Summary_expenses_categories' => '/App/Models/Reports/Summary_expenses_categories.php',
+        'Summary_items'               => '/App/Models/Reports/Summary_items.php',
+        'Summary_payments'            => '/App/Models/Reports/Summary_payments.php',
+        'Summary_report'              => '/App/Models/Reports/Summary_report.php',
+        'Summary_sales'               => '/App/Models/Reports/Summary_sales.php',
+        'Summary_sales_taxes'         => '/App/Models/Reports/Summary_sales_taxes.php',
+        'Summary_suppliers'           => '/App/Models/Reports/Summary_suppliers.php',
+        'Summary_taxes'               => '/App/Models/Reports/Summary_taxes.php',
+
+        // Tokens
+        'Token'                         => '/App/Models/Tokens/Token.php',
+        'Token_barcode_ean'             => '/App/Models/Tokens/Token_barcode_ean.php',
+        'Token_barcode_price'           => '/App/Models/Tokens/Token_barcode_price.php',
+        'Token_barcode_weight'          => '/App/Models/Tokens/Token_barcode_weight.php',
+        'Token_customer'                => '/App/Models/Tokens/Token_customer.php',
+        'Token_invoice_count'           => '/App/Models/Tokens/Token_invoice_count.php',
+        'Token_invoice_sequence'        => '/App/Models/Tokens/Token_invoice_sequence.php',
+        'Token_quote_sequence'          => '/App/Models/Tokens/Token_quote_sequence.php',
+        'Token_suspended_invoice_count' => '/App/Models/Tokens/Token_suspended_invoice_count.php',
+        'Token_work_order_sequence'     => '/App/Models/Tokens/Token_work_order_sequence.php',
+        'Token_year_invoice_count'      => '/App/Models/Tokens/Token_year_invoice_count.php',
+        'Token_year_quote_count'        => '/App/Models/Tokens/Token_year_quote_count.php',
+
+        // Libraries
+        'Barcode_lib'   => '/App/Libraries/Barcode_lib.php',
+        'Email_lib'     => '/App/Libraries/Email_lib.php',
+        'Item_lib'      => '/App/Libraries/Item_lib.php',
+        'Mailchimp_lib' => '/App/Libraries/Mailchimp_lib.php',
+        'MY_Email'      => '/App/Libraries/MY_Email.php',
+        'MY_Migration'  => '/App/Libraries/MY_Migration.php',
+        'Receving_lib'  => '/App/Libraries/Receiving_lib.php',
+        'Sale_lib'      => '/App/Libraries/Sale_lib.php',
+        'Sms_lib'       => '/App/Libraries/Sms_lib.php',
+        'Tax_lib'       => '/App/Libraries/Tax_lib.php',
+        'Token_lib'     => '/App/Libraries/Token_lib.php',
+
+        // Miscellaneous
+        'Rounding_mode' => '/App/Models/Enums/Rounding_mode.php'
+    ];
+
+    /**
+     * -------------------------------------------------------------------
+     * Files
+     * -------------------------------------------------------------------
+     * The files array provides a list of paths to __non-class__ files
+     * that will be autoloaded. This can be useful for bootstrap operations
+     * or for loading functions.
+     *
+     * Prototype:
+     *   $files = [
+     *       '/path/to/my/file.php',
+     *   ];
+     *
+     * @var list<string>
+     */
+    public $files = [];
+
+    /**
+     * -------------------------------------------------------------------
+     * Helpers
+     * -------------------------------------------------------------------
+     * Prototype:
+     *   $helpers = [
+     *       'form',
+     *   ];
+     *
+     * @var list<string>
+     */
+    public $helpers = [
+        'form',
+        'cookie',
+        'tabular',
+        'locale',
+        'security',
+        'plugin'
+    ];
+}

app/Config/Boot/development.php

@@ -0,0 +1,34 @@
+<?php
+
+/*
+ |--------------------------------------------------------------------------
+ | ERROR DISPLAY
+ |--------------------------------------------------------------------------
+ | In development, we want to show as many errors as possible to help
+ | make sure they don't make it to production. And save us hours of
+ | painful debugging.
+ |
+ | If you set 'display_errors' to '1', CI4's detailed error report will show.
+ */
+error_reporting(E_ALL);
+ini_set('display_errors', '1');
+
+/*
+ |--------------------------------------------------------------------------
+ | DEBUG BACKTRACES
+ |--------------------------------------------------------------------------
+ | If true, this constant will tell the error screens to display debug
+ | backtraces along with the other error information. If you would
+ | prefer to not see this, set this value to false.
+ */
+defined('SHOW_DEBUG_BACKTRACE') || define('SHOW_DEBUG_BACKTRACE', true);
+
+/*
+ |--------------------------------------------------------------------------
+ | DEBUG MODE
+ |--------------------------------------------------------------------------
+ | Debug mode is an experimental flag that can allow changes throughout
+ | the system. This will control whether Kint is loaded, and a few other
+ | items. It can always be used within your own application too.
+ */
+defined('CI_DEBUG') || define('CI_DEBUG', true);

app/Config/Boot/production.php

@@ -0,0 +1,25 @@
+<?php
+
+/*
+ |--------------------------------------------------------------------------
+ | ERROR DISPLAY
+ |--------------------------------------------------------------------------
+ | Don't show ANY in production environments. Instead, let the system catch
+ | it and display a generic error message.
+ |
+ | If you set 'display_errors' to '1', CI4's detailed error report will show.
+ */
+error_reporting(E_ALL & ~E_DEPRECATED);
+// If you want to suppress more types of errors.
+// error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);
+ini_set('display_errors', '0');
+
+/*
+ |--------------------------------------------------------------------------
+ | DEBUG MODE
+ |--------------------------------------------------------------------------
+ | Debug mode is an experimental flag that can allow changes throughout
+ | the system. It's not widely used currently, and may not survive
+ | release of the framework.
+ */
+defined('CI_DEBUG') || define('CI_DEBUG', false);

app/Config/Boot/testing.php

@@ -0,0 +1,23 @@
+<?php
+
+/*
+ |--------------------------------------------------------------------------
+| ERROR DISPLAY
+ |--------------------------------------------------------------------------
+*/
+error_reporting(E_ALL);
+ini_set('display_errors', '1');
+
+/*
+ |--------------------------------------------------------------------------
+| DEBUG BACKTRACES
+ |--------------------------------------------------------------------------
+*/
+defined('SHOW_DEBUG_BACKTRACE') || define('SHOW_DEBUG_BACKTRACE', true);
+
+/*
+ |--------------------------------------------------------------------------
+| DEBUG MODE
+ |--------------------------------------------------------------------------
+*/
+defined('CI_DEBUG') || define('CI_DEBUG', true);

app/Config/CURLRequest.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class CURLRequest extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * CURLRequest Share Options
+     * --------------------------------------------------------------------------
+     *
+     * Whether share options between requests or not.
+     *
+     * If true, all the options won't be reset between requests.
+     * It may cause an error request with unnecessary headers.
+     */
+    public bool $shareOptions = false;
+}

app/Config/Cache.php

@@ -0,0 +1,161 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Cache\CacheInterface;
+use CodeIgniter\Cache\Handlers\DummyHandler;
+use CodeIgniter\Cache\Handlers\FileHandler;
+use CodeIgniter\Cache\Handlers\MemcachedHandler;
+use CodeIgniter\Cache\Handlers\PredisHandler;
+use CodeIgniter\Cache\Handlers\RedisHandler;
+use CodeIgniter\Cache\Handlers\WincacheHandler;
+use CodeIgniter\Config\BaseConfig;
+
+class Cache extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Primary Handler
+     * --------------------------------------------------------------------------
+     *
+     * The name of the preferred handler that should be used. If for some reason
+     * it is not available, the $backupHandler will be used in its place.
+     */
+    public string $handler = 'file';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Backup Handler
+     * --------------------------------------------------------------------------
+     *
+     * The name of the handler that will be used in case the first one is
+     * unreachable. Often, 'file' is used here since the filesystem is
+     * always available, though that's not always practical for the app.
+     */
+    public string $backupHandler = 'dummy';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Key Prefix
+     * --------------------------------------------------------------------------
+     *
+     * This string is added to all cache item names to help avoid collisions
+     * if you run multiple applications with the same cache engine.
+     */
+    public string $prefix = '';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Default TTL
+     * --------------------------------------------------------------------------
+     *
+     * The default number of seconds to save items when none is specified.
+     *
+     * WARNING: This is not used by framework handlers where 60 seconds is
+     * hard-coded, but may be useful to projects and modules. This will replace
+     * the hard-coded value in a future release.
+     */
+    public int $ttl = 300;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Reserved Characters
+     * --------------------------------------------------------------------------
+     *
+     * A string of reserved characters that will not be allowed in keys or tags.
+     * Strings that violate this restriction will cause handlers to throw.
+     * Default: {}()/\@:
+     *
+     * NOTE: The default set is required for PSR-6 compliance.
+     */
+    public string $reservedCharacters = '{}()/\@:';
+
+    /**
+     * --------------------------------------------------------------------------
+     * File settings
+     * --------------------------------------------------------------------------
+     *
+     * Your file storage preferences can be specified below, if you are using
+     * the File driver.
+     *
+     * @var array<string, int|string|null>
+     */
+    public array $file = [
+        'storePath' => WRITEPATH . 'cache/',
+        'mode'      => 0640,
+    ];
+
+    /**
+     * -------------------------------------------------------------------------
+     * Memcached settings
+     * -------------------------------------------------------------------------
+     *
+     * Your Memcached servers can be specified below, if you are using
+     * the Memcached drivers.
+     *
+     * @see https://codeigniter.com/user_guide/libraries/caching.html#memcached
+     *
+     * @var array<string, bool|int|string>
+     */
+    public array $memcached = [
+        'host'   => '127.0.0.1',
+        'port'   => 11211,
+        'weight' => 1,
+        'raw'    => false,
+    ];
+
+    /**
+     * -------------------------------------------------------------------------
+     * Redis settings
+     * -------------------------------------------------------------------------
+     * Your Redis server can be specified below, if you are using
+     * the Redis or Predis drivers.
+     *
+     * @var array<string, int|string|null>
+     */
+    public array $redis = [
+        'host'     => '127.0.0.1',
+        'password' => null,
+        'port'     => 6379,
+        'timeout'  => 0,
+        'database' => 0,
+    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Available Cache Handlers
+     * --------------------------------------------------------------------------
+     *
+     * This is an array of cache engine alias' and class names. Only engines
+     * that are listed here are allowed to be used.
+     *
+     * @var array<string, class-string<CacheInterface>>
+     */
+    public array $validHandlers = [
+        'dummy'     => DummyHandler::class,
+        'file'      => FileHandler::class,
+        'memcached' => MemcachedHandler::class,
+        'predis'    => PredisHandler::class,
+        'redis'     => RedisHandler::class,
+        'wincache'  => WincacheHandler::class,
+    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Web Page Caching: Cache Include Query String
+     * --------------------------------------------------------------------------
+     *
+     * Whether to take the URL query string into consideration when generating
+     * output cache files. Valid options are:
+     *
+     *    false = Disabled
+     *    true  = Enabled, take all query parameters into account.
+     *            Please be aware that this may result in numerous cache
+     *            files generated for the same page over and over again.
+     *    ['q'] = Enabled, but only take into account the specified list
+     *            of query parameters.
+     *
+     * @var bool|list<string>
+     */
+    public $cacheQueryString = false;
+}

app/Config/Constants.php

@@ -0,0 +1,176 @@
+<?php
+
+/*
+ | --------------------------------------------------------------------
+ | App Namespace
+ | --------------------------------------------------------------------
+ |
+ | This defines the default Namespace that is used throughout
+ | CodeIgniter to refer to the Application directory. Change
+ | this constant to change the namespace that all application
+ | classes should use.
+ |
+ | NOTE: changing this will require manually modifying the
+ | existing namespaces of App\* namespaced-classes.
+ */
+defined('APP_NAMESPACE') || define('APP_NAMESPACE', 'App');
+
+/*
+ | --------------------------------------------------------------------------
+ | Composer Path
+ | --------------------------------------------------------------------------
+ |
+ | The path that Composer's autoload file is expected to live. By default,
+ | the vendor folder is in the Root directory, but you can customize that here.
+ */
+defined('COMPOSER_PATH') || define('COMPOSER_PATH', ROOTPATH . 'vendor/autoload.php');
+
+/*
+ |--------------------------------------------------------------------------
+ | Timing Constants
+ |--------------------------------------------------------------------------
+ |
+ | Provide simple ways to work with the myriad of PHP functions that
+ | require information to be in seconds.
+ */
+defined('SECOND') || define('SECOND', 1);
+defined('MINUTE') || define('MINUTE', 60);
+defined('HOUR')   || define('HOUR', 3600);
+defined('DAY')    || define('DAY', 86400);
+defined('WEEK')   || define('WEEK', 604800);
+defined('MONTH')  || define('MONTH', 2_592_000);
+defined('YEAR')   || define('YEAR', 31_536_000);
+defined('DECADE') || define('DECADE', 315_360_000);
+defined('DEFAULT_DATE')     || define('DEFAULT_DATE', mktime(0, 0, 0, 1, 1, 2010));
+defined('DEFAULT_DATETIME') || define('DEFAULT_DATETIME', mktime(0, 0, 0, 1, 1, 2010));
+defined('NOW')    || define('NOW', time());
+
+/*
+ | --------------------------------------------------------------------------
+ | Exit Status Codes
+ | --------------------------------------------------------------------------
+ |
+ | Used to indicate the conditions under which the script is exit()ing.
+ | While there is no universal standard for error codes, there are some
+ | broad conventions.  Three such conventions are mentioned below, for
+ | those who wish to make use of them.  The CodeIgniter defaults were
+ | chosen for the least overlap with these conventions, while still
+ | leaving room for others to be defined in future versions and user
+ | applications.
+ |
+ | The three main conventions used for determining exit status codes
+ | are as follows:
+ |
+ |    Standard C/C++ Library (stdlibc):
+ |       http://www.gnu.org/software/libc/manual/html_node/Exit-Status.html
+ |       (This link also contains other GNU-specific conventions)
+ |    BSD sysexits.h:
+ |       http://www.gsp.com/cgi-bin/man.cgi?section=3&topic=sysexits
+ |    Bash scripting:
+ |       http://tldp.org/LDP/abs/html/exitcodes.html
+ |
+ */
+defined('EXIT_SUCCESS')        || define('EXIT_SUCCESS', 0);        // no errors
+defined('EXIT_ERROR')          || define('EXIT_ERROR', 1);          // generic error
+defined('EXIT_CONFIG')         || define('EXIT_CONFIG', 3);         // configuration error
+defined('EXIT_UNKNOWN_FILE')   || define('EXIT_UNKNOWN_FILE', 4);   // file not found
+defined('EXIT_UNKNOWN_CLASS')  || define('EXIT_UNKNOWN_CLASS', 5);  // unknown class
+defined('EXIT_UNKNOWN_METHOD') || define('EXIT_UNKNOWN_METHOD', 6); // unknown class member
+defined('EXIT_USER_INPUT')     || define('EXIT_USER_INPUT', 7);     // invalid user input
+defined('EXIT_DATABASE')       || define('EXIT_DATABASE', 8);       // database error
+defined('EXIT__AUTO_MIN')      || define('EXIT__AUTO_MIN', 9);      // lowest automatically-assigned error code
+defined('EXIT__AUTO_MAX')      || define('EXIT__AUTO_MAX', 125);    // highest automatically-assigned error code
+
+/**
+ * Global Constants.
+ */
+const NEW_ENTRY = -1;
+const ACTIVE = 0;
+const DELETED = 1;
+
+/**
+ * Attribute Related Constants.
+ */
+const GROUP = 'GROUP';
+const DROPDOWN = 'DROPDOWN';
+const DECIMAL = 'DECIMAL';
+const DATE = 'DATE';
+const TEXT = 'TEXT';
+const CHECKBOX = 'CHECKBOX';
+const NO_DEFINITION_ID = 0;
+const CATEGORY_DEFINITION_ID = -1;
+const DEFINITION_TYPES = [GROUP, DROPDOWN, DECIMAL, TEXT, DATE, CHECKBOX];
+
+/**
+ * Item Related Constants.
+ */
+const HAS_STOCK = 0;
+const HAS_NO_STOCK = 1;
+
+const ITEM = 0;
+const ITEM_KIT = 1;
+const ITEM_AMOUNT_ENTRY = 2;
+const ITEM_TEMP = 3;
+const NEW_ITEM = -1;
+
+const PRINT_ALL = 0;
+const PRINT_PRICED = 1;
+const PRINT_KIT = 2;
+
+const PRINT_YES = 0;
+const PRINT_NO = 1;
+
+const PRICE_ALL = 0;
+const PRICE_KIT = 1;
+const PRICE_KIT_ITEMS = 2;
+
+const PRICE_OPTION_ALL = 0;
+const PRICE_OPTION_KIT = 1;
+const PRICE_OPTION_KIT_STOCK = 2;
+
+const NAME_SEPARATOR = ' | ';
+
+/**
+ * Sale Related Constants.
+ */
+const COMPLETED = 0;
+const SUSPENDED = 1;
+const CANCELED = 2;
+
+const SALE_TYPE_POS = 0;
+const SALE_TYPE_INVOICE = 1;
+const SALE_TYPE_WORK_ORDER = 2;
+const SALE_TYPE_QUOTE = 3;
+const SALE_TYPE_RETURN = 4;
+
+const PERCENT = 0;
+const FIXED = 1;
+
+const PRICE_MODE_STANDARD = 0;
+const PRICE_MODE_KIT = 1;
+
+const PAYMENT_TYPE_UNASSIGNED = '--';
+
+const CASH_ADJUSTMENT_TRUE = 1;
+const CASH_ADJUSTMENT_FALSE = 0;
+const CASH_MODE_TRUE = 1;
+const CASH_MODE_FALSE = 0;
+
+/**
+ * Supplier Related Constants
+ */
+const GOODS_SUPPLIER = 0;
+const COST_SUPPLIER = 1;
+
+/**
+ * Locale Related Constants
+ */
+const MAX_PRECISION = 1e14;
+const DEFAULT_PRECISION = 2;
+const DEFAULT_LANGUAGE = 'english';
+const DEFAULT_LANGUAGE_CODE = 'en';
+
+/**
+ * Admin modules - list of modules required for admin privileges
+ */
+const ADMIN_MODULES = ['customers', 'employees', 'giftcards', 'items', 'item_kits', 'messages', 'receivings', 'reports', 'sales', 'config', 'suppliers'];

app/Config/ContentSecurityPolicy.php

@@ -0,0 +1,200 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+/**
+ * Stores the default settings for the ContentSecurityPolicy, if you
+ * choose to use it. The values here will be read in and set as defaults
+ * for the site. If needed, they can be overridden on a page-by-page basis.
+ *
+ * Suggested reference for explanations:
+ *
+ * @see https://www.html5rocks.com/en/tutorials/security/content-security-policy/
+ */
+class ContentSecurityPolicy extends BaseConfig
+{
+    // -------------------------------------------------------------------------
+    // Broadbrush CSP management
+    // -------------------------------------------------------------------------
+
+    /**
+     * Default CSP report context
+     */
+    public bool $reportOnly = false;
+
+    /**
+     * Specifies a URL where a browser will send reports
+     * when a content security policy is violated.
+     */
+    public ?string $reportURI = null;
+
+    /**
+     * Instructs user agents to rewrite URL schemes, changing
+     * HTTP to HTTPS. This directive is for websites with
+     * large numbers of old URLs that need to be rewritten.
+     */
+    public bool $upgradeInsecureRequests = false;
+
+    // -------------------------------------------------------------------------
+    // Sources allowed
+    // NOTE: once you set a policy to 'none', it cannot be further restricted
+    // -------------------------------------------------------------------------
+
+    /**
+     * Will default to self if not overridden
+     *
+     * @var list<string>|string|null
+     */
+    public $defaultSrc = [
+        'self',
+        'www.google.com',
+    ];
+
+    /**
+     * Lists allowed scripts' URLs.
+     *
+     * @var list<string>|string
+     */
+    public $scriptSrc = [
+        'self',
+        'unsafe-inline',
+        'unsafe-eval',
+        'www.google.com www.gstatic.com'
+    ];
+
+    /**
+     * Lists allowed stylesheets' URLs.
+     *
+     * @var list<string>|string
+     */
+    public $styleSrc = [
+        'self',
+        'unsafe-inline',
+        'nonce-{csp-style-nonce}',
+        'https://fonts.googleapis.com',
+    ];
+
+    /**
+     * Defines the origins from which images can be loaded.
+     *
+     * @var list<string>|string
+     */
+    public $imageSrc = [
+        'self',
+        'data:',
+        'blob:',
+    ];
+
+    /**
+     * Restricts the URLs that can appear in a page's `<base>` element.
+     *
+     * Will default to self if not overridden
+     *
+     * @var list<string>|string|null
+     */
+    public $baseURI;
+
+    /**
+     * Lists the URLs for workers and embedded frame contents
+     *
+     * @var list<string>|string
+     */
+    public $childSrc = 'self';
+
+    /**
+     * Limits the origins that you can connect to (via XHR,
+     * WebSockets, and EventSource).
+     *
+     * @var list<string>|string
+     */
+    public $connectSrc = [
+        'self',
+        'nominatim.openstreetmap.org',
+    ];
+
+    /**
+     * Specifies the origins that can serve web fonts.
+     *
+     * @var list<string>|string
+     */
+    public $fontSrc = [
+        'self',
+        'fonts.googleapis.com',
+        'fonts.gstatic.com',
+    ];
+
+    /**
+     * Lists valid endpoints for submission from `<form>` tags.
+     *
+     * @var list<string>|string
+     */
+    public $formAction = 'self';
+
+    /**
+     * Specifies the sources that can embed the current page.
+     * This directive applies to `<frame>`, `<iframe>`, `<embed>`,
+     * and `<applet>` tags. This directive can't be used in
+     * `<meta>` tags and applies only to non-HTML resources.
+     *
+     * @var list<string>|string|null
+     */
+    public $frameAncestors;
+
+    /**
+     * The frame-src directive restricts the URLs which may
+     * be loaded into nested browsing contexts.
+     *
+     * @var list<string>|string|null
+     */
+    public $frameSrc;
+
+    /**
+     * Restricts the origins allowed to deliver video and audio.
+     *
+     * @var list<string>|string|null
+     */
+    public $mediaSrc;
+
+    /**
+     * Allows control over Flash and other plugins.
+     *
+     * @var list<string>|string
+     */
+    public $objectSrc = 'none';
+
+    /**
+     * @var list<string>|string|null
+     */
+    public $manifestSrc;
+
+    /**
+     * Limits the kinds of plugins a page may invoke.
+     *
+     * @var list<string>|string|null
+     */
+    public $pluginTypes;
+
+    /**
+     * List of actions allowed.
+     *
+     * @var list<string>|string|null
+     */
+    public $sandbox;
+
+    /**
+     * Nonce tag for style
+     */
+    public string $styleNonceTag = '{csp-style-nonce}';
+
+    /**
+     * Nonce tag for script
+     */
+    public string $scriptNonceTag = '{csp-script-nonce}';
+
+    /**
+     * Replace nonce tag automatically
+     */
+    public bool $autoNonce = true;
+}

app/Config/Cookie.php

@@ -0,0 +1,107 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use DateTimeInterface;
+
+class Cookie extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Prefix
+     * --------------------------------------------------------------------------
+     *
+     * Set a cookie name prefix if you need to avoid collisions.
+     */
+    public string $prefix = '';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Expires Timestamp
+     * --------------------------------------------------------------------------
+     *
+     * Default expires timestamp for cookies. Setting this to `0` will mean the
+     * cookie will not have the `Expires` attribute and will behave as a session
+     * cookie.
+     *
+     * @var DateTimeInterface|int|string
+     */
+    public $expires = 0;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Path
+     * --------------------------------------------------------------------------
+     *
+     * Typically will be a forward slash.
+     */
+    public string $path = '/';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Domain
+     * --------------------------------------------------------------------------
+     *
+     * Set to `.your-domain.com` for site-wide cookies.
+     */
+    public string $domain = '';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Secure
+     * --------------------------------------------------------------------------
+     *
+     * Cookie will only be set if a secure HTTPS connection exists.
+     */
+    public bool $secure = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie HTTPOnly
+     * --------------------------------------------------------------------------
+     *
+     * Cookie will only be accessible via HTTP(S) (no JavaScript).
+     */
+    public bool $httponly = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie SameSite
+     * --------------------------------------------------------------------------
+     *
+     * Configure cookie SameSite setting. Allowed values are:
+     * - None
+     * - Lax
+     * - Strict
+     * - ''
+     *
+     * Alternatively, you can use the constant names:
+     * - `Cookie::SAMESITE_NONE`
+     * - `Cookie::SAMESITE_LAX`
+     * - `Cookie::SAMESITE_STRICT`
+     *
+     * Defaults to `Lax` for compatibility with modern browsers. Setting `''`
+     * (empty string) means default SameSite attribute set by browsers (`Lax`)
+     * will be set on cookies. If set to `None`, `$secure` must also be set.
+     *
+     * @phpstan-var 'None'|'Lax'|'Strict'|''
+     */
+    public string $samesite = 'Lax';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Cookie Raw
+     * --------------------------------------------------------------------------
+     *
+     * This flag allows setting a "raw" cookie, i.e., its name and value are
+     * not URL encoded using `rawurlencode()`.
+     *
+     * If this is set to `true`, cookie names should be compliant of RFC 2616's
+     * list of allowed characters.
+     *
+     * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes
+     * @see https://tools.ietf.org/html/rfc2616#section-2.2
+     */
+    public bool $raw = false;
+}

app/Config/Cors.php

@@ -0,0 +1,105 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+/**
+ * Cross-Origin Resource Sharing (CORS) Configuration
+ *
+ * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+ */
+class Cors extends BaseConfig
+{
+    /**
+     * The default CORS configuration.
+     *
+     * @var array{
+     *      allowedOrigins: list<string>,
+     *      allowedOriginsPatterns: list<string>,
+     *      supportsCredentials: bool,
+     *      allowedHeaders: list<string>,
+     *      exposedHeaders: list<string>,
+     *      allowedMethods: list<string>,
+     *      maxAge: int,
+     *  }
+     */
+    public array $default = [
+        /**
+         * Origins for the `Access-Control-Allow-Origin` header.
+         *
+         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+         *
+         * E.g.:
+         *   - ['http://localhost:8080']
+         *   - ['https://www.example.com']
+         */
+        'allowedOrigins' => [],
+
+        /**
+         * Origin regex patterns for the `Access-Control-Allow-Origin` header.
+         *
+         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+         *
+         * NOTE: A pattern specified here is part of a regular expression. It will
+         *       be actually `#\A<pattern>\z#`.
+         *
+         * E.g.:
+         *   - ['https://\w+\.example\.com']
+         */
+        'allowedOriginsPatterns' => [],
+
+        /**
+         * Weather to send the `Access-Control-Allow-Credentials` header.
+         *
+         * The Access-Control-Allow-Credentials response header tells browsers whether
+         * the server allows cross-origin HTTP requests to include credentials.
+         *
+         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
+         */
+        'supportsCredentials' => false,
+
+        /**
+         * Set headers to allow.
+         *
+         * The Access-Control-Allow-Headers response header is used in response to
+         * a preflight request which includes the Access-Control-Request-Headers to
+         * indicate which HTTP headers can be used during the actual request.
+         *
+         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
+         */
+        'allowedHeaders' => [],
+
+        /**
+         * Set headers to expose.
+         *
+         * The Access-Control-Expose-Headers response header allows a server to
+         * indicate which response headers should be made available to scripts running
+         * in the browser, in response to a cross-origin request.
+         *
+         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
+         */
+        'exposedHeaders' => [],
+
+        /**
+         * Set methods to allow.
+         *
+         * The Access-Control-Allow-Methods response header specifies one or more
+         * methods allowed when accessing a resource in response to a preflight
+         * request.
+         *
+         * E.g.:
+         *   - ['GET', 'POST', 'PUT', 'DELETE']
+         *
+         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
+         */
+        'allowedMethods' => [],
+
+        /**
+         * Set how many seconds the results of a preflight request can be cached.
+         *
+         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
+         */
+        'maxAge' => 7200,
+    ];
+}

app/Config/Database.php

@@ -0,0 +1,139 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Database\Config;
+
+/**
+ * Database Configuration
+ */
+class Database extends Config
+{
+    /**
+     * The directory that holds the Migrations and Seeds directories.
+     */
+    public string $filesPath = APPPATH . 'Database' . DIRECTORY_SEPARATOR;
+
+    /**
+     * Lets you choose which connection group to use if no other is specified.
+     */
+    public string $defaultGroup = 'default';
+
+    /**
+     * The default database connection.
+     *
+     * @var array<string, mixed>
+     */
+    public array $default = [
+        'DSN'          => '',
+        'hostname'     => 'localhost',
+        'username'     => 'admin',
+        'password'     => 'pointofsale',
+        'database'     => 'ospos',
+        'DBDriver'     => 'MySQLi',
+        'DBPrefix'     => 'ospos_',
+        'pConnect'     => false,
+        'DBDebug'      => (ENVIRONMENT !== 'production'),
+        'charset'      => 'utf8mb4',
+        'DBCollat'     => 'utf8mb4_general_ci',
+        'swapPre'      => '',
+        'encrypt'      => false,
+        'compress'     => false,
+        'strictOn'     => false,
+        'failover'     => [],
+        'port'         => 3306,
+        'dateFormat'   => [
+            'date'     => 'Y-m-d',
+            'datetime' => 'Y-m-d H:i:s',
+            'time'     => 'H:i:s',
+        ],
+    ];
+
+    /**
+     * This database connection is used when running PHPUnit database tests.
+     *
+     * @var array<string, mixed>
+     */
+    public array $tests = [
+        'DSN'          => '',
+        'hostname'     => 'localhost',
+        'username'     => 'admin',
+        'password'     => 'pointofsale',
+        'database'     => 'ospos',
+        'DBDriver'     => 'MySQLi',
+        'DBPrefix'     => 'ospos_',
+        'pConnect'     => false,
+        'DBDebug'      => (ENVIRONMENT !== 'production'),
+        'charset'      => 'utf8mb4',
+        'DBCollat'     => 'utf8mb4_general_ci',
+        'swapPre'      => '',
+        'encrypt'      => false,
+        'compress'     => false,
+        'strictOn'     => false,
+        'failover'     => [],
+        'port'         => 3306,
+        'foreignKeys'  => true,
+        'busyTimeout'  => 1000,
+        'dateFormat'   => [
+            'date'     => 'Y-m-d',
+            'datetime' => 'Y-m-d H:i:s',
+            'time'     => 'H:i:s',
+        ],
+    ];
+
+    /**
+     * This database connection is used when developing against non-production data.
+     *
+     * @var array
+     */
+    public $development = [
+        'DSN'          => '',
+        'hostname'     => 'localhost',
+        'username'     => 'admin',
+        'password'     => 'pointofsale',
+        'database'     => 'ospos',
+        'DBDriver'     => 'MySQLi',
+        'DBPrefix'     => 'ospos_',
+        'pConnect'     => false,
+        'DBDebug'      => (ENVIRONMENT !== 'production'),
+        'charset'      => 'utf8mb4',
+        'DBCollat'     => 'utf8mb4_general_ci',
+        'swapPre'      => '',
+        'encrypt'      => false,
+        'compress'     => false,
+        'strictOn'     => false,
+        'failover'     => [],
+        'port'         => 3306,
+        'foreignKeys'  => true,
+        'busyTimeout'  => 1000,
+        'dateFormat'   => [
+            'date'     => 'Y-m-d',
+            'datetime' => 'Y-m-d H:i:s',
+            'time'     => 'H:i:s',
+        ],
+    ];
+
+    public function __construct()
+    {
+        parent::__construct();
+
+        // Ensure that we always set the database group to 'tests' if
+        // we are currently running an automated test suite, so that
+        // we don't overwrite live data on accident.
+        switch (ENVIRONMENT) {
+            case 'testing':
+                $this->defaultGroup = 'tests';
+                break;
+            case 'development';
+                $this->defaultGroup = 'development';
+                break;
+        }
+
+        foreach ([&$this->development, &$this->tests, &$this->default] as &$config) {
+            $config['hostname'] = !getenv('MYSQL_HOST_NAME') ? $config['hostname'] : getenv('MYSQL_HOST_NAME');
+            $config['username'] = !getenv('MYSQL_USERNAME') ? $config['username'] : getenv('MYSQL_USERNAME');
+            $config['password'] = !getenv('MYSQL_PASSWORD') ? $config['password'] : getenv('MYSQL_PASSWORD');
+            $config['database'] = !getenv('MYSQL_DB_NAME') ? $config['database'] : getenv('MYSQL_DB_NAME');
+        }
+    }
+}

app/Config/DocTypes.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace Config;
+
+/**
+ * @immutable
+ */
+class DocTypes
+{
+    /**
+     * List of valid document types.
+     *
+     * @var array<string, string>
+     */
+    public array $list = [
+        'xhtml11'           => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">',
+        'xhtml1-strict'     => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">',
+        'xhtml1-trans'      => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">',
+        'xhtml1-frame'      => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">',
+        'xhtml-basic11'     => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.1//EN" "http://www.w3.org/TR/xhtml-basic/xhtml-basic11.dtd">',
+        'html5'             => '<!DOCTYPE html>',
+        'html4-strict'      => '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">',
+        'html4-trans'       => '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">',
+        'html4-frame'       => '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">',
+        'mathml1'           => '<!DOCTYPE math SYSTEM "http://www.w3.org/Math/DTD/mathml1/mathml.dtd">',
+        'mathml2'           => '<!DOCTYPE math PUBLIC "-//W3C//DTD MathML 2.0//EN" "http://www.w3.org/Math/DTD/mathml2/mathml2.dtd">',
+        'svg10'             => '<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">',
+        'svg11'             => '<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">',
+        'svg11-basic'       => '<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1 Basic//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11-basic.dtd">',
+        'svg11-tiny'        => '<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1 Tiny//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11-tiny.dtd">',
+        'xhtml-math-svg-xh' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 plus MathML 2.0 plus SVG 1.1//EN" "http://www.w3.org/2002/04/xhtml-math-svg/xhtml-math-svg.dtd">',
+        'xhtml-math-svg-sh' => '<!DOCTYPE svg:svg PUBLIC "-//W3C//DTD XHTML 1.1 plus MathML 2.0 plus SVG 1.1//EN" "http://www.w3.org/2002/04/xhtml-math-svg/xhtml-math-svg.dtd">',
+        'xhtml-rdfa-1'      => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">',
+        'xhtml-rdfa-2'      => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.1//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-2.dtd">',
+    ];
+
+    /**
+     * Whether to remove the solidus (`/`) character for void HTML elements (e.g. `<input>`)
+     * for HTML5 compatibility.
+     *
+     * Set to:
+     *    `true` - to be HTML5 compatible
+     *    `false` - to be XHTML compatible
+     */
+    public bool $html5 = true;
+}

app/Config/Email.php

@@ -0,0 +1,121 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class Email extends BaseConfig
+{
+    public string $fromEmail  = 'noreply@opensourcepos.org';
+    public string $fromName   = 'Opensource Point of Sale';
+    public string $recipients = 'blackhole@none.com';
+
+    /**
+     * The "user agent"
+     */
+    public string $userAgent = 'CodeIgniter';
+
+    /**
+     * The mail sending protocol: mail, sendmail, smtp
+     */
+    public string $protocol = 'mail';
+
+    /**
+     * The server path to Sendmail.
+     */
+    public string $mailPath = '/usr/sbin/sendmail';
+
+    /**
+     * SMTP Server Hostname
+     */
+    public string $SMTPHost = 'mail.mxserver.com';
+
+    /**
+     * SMTP Username
+     */
+    public string $SMTPUser = 'user';
+
+    /**
+     * SMTP Password
+     */
+    public string $SMTPPass = 'pass';
+
+    /**
+     * SMTP Port
+     */
+    public int $SMTPPort = 25;
+
+    /**
+     * SMTP Timeout (in seconds)
+     */
+    public int $SMTPTimeout = 5;
+
+    /**
+     * Enable persistent SMTP connections
+     */
+    public bool $SMTPKeepAlive = false;
+
+    /**
+     * SMTP Encryption.
+     *
+     * @var string '', 'tls' or 'ssl'. 'tls' will issue a STARTTLS command
+     *             to the server. 'ssl' means implicit SSL. Connection on port
+     *             465 should set this to ''.
+     */
+    public string $SMTPCrypto = 'tls';
+
+    /**
+     * Enable word-wrap
+     */
+    public bool $wordWrap = true;
+
+    /**
+     * Character count to wrap at
+     */
+    public int $wrapChars = 76;
+
+    /**
+     * Type of mail, either 'text' or 'html'
+     */
+    public string $mailType = 'html';
+
+    /**
+     * Character set (utf-8, iso-8859-1, etc.)
+     */
+    public string $charset = 'UTF-8';
+
+    /**
+     * Whether to validate the email address
+     */
+    public bool $validate = false;
+
+    /**
+     * Email Priority. 1 = highest. 5 = lowest. 3 = normal
+     */
+    public int $priority = 3;
+
+    /**
+     * Newline character. (Use “\r\n” to comply with RFC 822)
+     */
+    public string $CRLF = "\r\n";
+
+    /**
+     * Newline character. (Use “\r\n” to comply with RFC 822)
+     */
+    public string $newline = "\r\n";
+
+    /**
+     * Enable BCC Batch Mode.
+     */
+    public bool $BCCBatchMode = false;
+
+    /**
+     * Number of emails in each BCC batch
+     */
+    public int $BCCBatchSize = 200;
+
+    /**
+     * Enable notify message from server
+     */
+    public bool $DSN = false;
+}

app/Config/Encryption.php

@@ -0,0 +1,92 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+/**
+ * Encryption configuration.
+ *
+ * These are the settings used for encryption, if you don't pass a parameter
+ * array to the encrypter for creation/initialization.
+ */
+class Encryption extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Encryption Key Starter
+     * --------------------------------------------------------------------------
+     *
+     * If you use the Encryption class you must set an encryption key (seed).
+     * You need to ensure it is long enough for the cipher and mode you plan to use.
+     * See the user guide for more info.
+     */
+    public string $key = '';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Encryption Driver to Use
+     * --------------------------------------------------------------------------
+     *
+     * One of the supported encryption drivers.
+     *
+     * Available drivers:
+     * - OpenSSL
+     * - Sodium
+     */
+    public string $driver = 'OpenSSL';
+
+    /**
+     * --------------------------------------------------------------------------
+     * SodiumHandler's Padding Length in Bytes
+     * --------------------------------------------------------------------------
+     *
+     * This is the number of bytes that will be padded to the plaintext message
+     * before it is encrypted. This value should be greater than zero.
+     *
+     * See the user guide for more information on padding.
+     */
+    public int $blockSize = 16;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Encryption digest
+     * --------------------------------------------------------------------------
+     *
+     * HMAC digest to use, e.g. 'SHA512' or 'SHA256'. Default value is 'SHA512'.
+     */
+    public string $digest = 'SHA512';
+
+    /**
+     * Whether the cipher-text should be raw. If set to false, then it will be base64 encoded.
+     * This setting is only used by OpenSSLHandler.
+     *
+     * Set to false for CI3 Encryption compatibility.
+     */
+    public bool $rawData = false;
+
+    /**
+     * Encryption key info.
+     * This setting is only used by OpenSSLHandler.
+     *
+     * Set to 'encryption' for CI3 Encryption compatibility.
+     */
+    public string $encryptKeyInfo = '';
+
+    /**
+     * Authentication key info.
+     * This setting is only used by OpenSSLHandler.
+     *
+     * Set to 'authentication' for CI3 Encryption compatibility.
+     */
+    public string $authKeyInfo = '';
+
+    /**
+     * Cipher to use.
+     * This setting is only used by OpenSSLHandler.
+     *
+     * Set to 'AES-128-CBC' to decrypt encrypted data that encrypted
+     * by CI3 Encryption default configuration.
+     */
+    public string $cipher = 'AES-256-CTR';
+}

app/Config/Events.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Events\Events;
+use CodeIgniter\Exceptions\FrameworkException;
+use CodeIgniter\HotReloader\HotReloader;
+use App\Events\Db_log;
+use App\Events\Load_config;
+use App\Events\Method;
+use App\Libraries\Plugins\PluginManager;
+
+Events::on('pre_system', static function (): void {
+    if (ENVIRONMENT !== 'testing') {
+        if (ini_get('zlib.output_compression')) {
+            throw FrameworkException::forEnabledZlibOutputCompression();
+        }
+
+        while (ob_get_level() > 0) {
+            ob_end_flush();
+        }
+
+        ob_start(static fn ($buffer) => $buffer);
+    }
+
+    if (CI_DEBUG && ! is_cli()) {
+        Events::on('DBQuery', 'CodeIgniter\Debug\Toolbar\Collectors\Database::collect');
+        service('toolbar')->respond();
+        if (ENVIRONMENT === 'development') {
+            service('routes')->get('__hot-reload', static function (): void {
+                (new HotReloader())->run();
+            });
+        }
+    }
+    
+    $pluginManager = new PluginManager();
+    $pluginManager->discoverPlugins();
+    $pluginManager->registerPluginEvents();
+});
+
+$config = new Load_config();
+Events::on('post_controller_constructor', [$config, 'load_config']);
+
+$db_log = new Db_log();
+Events::on('DBQuery', [$db_log, 'db_log_queries']);
+
+$method = new Method();
+Events::on('pre_controller', [$method, 'validate_method']);

app/Config/Exceptions.php

@@ -0,0 +1,106 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Debug\ExceptionHandler;
+use CodeIgniter\Debug\ExceptionHandlerInterface;
+use Psr\Log\LogLevel;
+use Throwable;
+
+/**
+ * Setup how the exception handler works.
+ */
+class Exceptions extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * LOG EXCEPTIONS?
+     * --------------------------------------------------------------------------
+     * If true, then exceptions will be logged
+     * through Services::Log.
+     *
+     * Default: true
+     */
+    public bool $log = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * DO NOT LOG STATUS CODES
+     * --------------------------------------------------------------------------
+     * Any status codes here will NOT be logged if logging is turned on.
+     * By default, only 404 (Page Not Found) exceptions are ignored.
+     *
+     * @var list<int>
+     */
+    public array $ignoreCodes = [404];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Error Views Path
+     * --------------------------------------------------------------------------
+     * This is the path to the directory that contains the 'cli' and 'html'
+     * directories that hold the views used to generate errors.
+     *
+     * Default: APPPATH.'Views/errors'
+     */
+    public string $errorViewPath = APPPATH . 'Views/errors';
+
+    /**
+     * --------------------------------------------------------------------------
+     * HIDE FROM DEBUG TRACE
+     * --------------------------------------------------------------------------
+     * Any data that you would like to hide from the debug trace.
+     * In order to specify 2 levels, use "/" to separate.
+     * ex. ['server', 'setup/password', 'secret_token']
+     *
+     * @var list<string>
+     */
+    public array $sensitiveDataInTrace = [];
+
+    /**
+     * --------------------------------------------------------------------------
+     * WHETHER TO THROW AN EXCEPTION ON DEPRECATED ERRORS
+     * --------------------------------------------------------------------------
+     * If set to `true`, DEPRECATED errors are only logged and no exceptions are
+     * thrown. This option also works for user deprecations.
+     */
+    public bool $logDeprecations = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * LOG LEVEL THRESHOLD FOR DEPRECATIONS
+     * --------------------------------------------------------------------------
+     * If `$logDeprecations` is set to `true`, this sets the log level
+     * to which the deprecation will be logged. This should be one of the log
+     * levels recognized by PSR-3.
+     *
+     * The related `Config\Logger::$threshold` should be adjusted, if needed,
+     * to capture logging the deprecations.
+     */
+    public string $deprecationLogLevel = LogLevel::WARNING;
+
+    /*
+     * DEFINE THE HANDLERS USED
+     * --------------------------------------------------------------------------
+     * Given the HTTP status code, returns exception handler that
+     * should be used to deal with this error. By default, it will run CodeIgniter's
+     * default handler and display the error information in the expected format
+     * for CLI, HTTP, or AJAX requests, as determined by is_cli() and the expected
+     * response format.
+     *
+     * Custom handlers can be returned if you want to handle one or more specific
+     * error codes yourself like:
+     *
+     *      if (in_array($statusCode, [400, 404, 500])) {
+     *          return new \App\Libraries\MyExceptionHandler();
+     *      }
+     *      if ($exception instanceOf PageNotFoundException) {
+     *          return new \App\Libraries\MyExceptionHandler();
+     *      }
+     */
+    public function handler(int $statusCode, Throwable $exception): ExceptionHandlerInterface
+    {
+        return new ExceptionHandler($this);
+    }
+}

app/Config/Feature.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+/**
+ * Enable/disable backward compatibility breaking features.
+ */
+class Feature extends BaseConfig
+{
+    /**
+     * Use improved new auto routing instead of the legacy version.
+     */
+    public bool $autoRoutesImproved = true;
+
+    /**
+     * Use filter execution order in 4.4 or before.
+     */
+    public bool $oldFilterOrder = false;
+
+    /**
+     * The behavior of `limit(0)` in Query Builder.
+     *
+     * If true, `limit(0)` returns all records. (the behavior of 4.4.x or before in version 4.x.)
+     * If false, `limit(0)` returns no records. (the behavior of 3.1.9 or later in version 3.x.)
+     */
+    public bool $limitZeroAsAll = true;
+
+    /**
+     * Use strict location negotiation.
+     *
+     * By default, the locale is selected based on a loose comparison of the language code (ISO 639-1)
+     * Enabling strict comparison will also consider the region code (ISO 3166-1 alpha-2).
+     */
+    public bool $strictLocaleNegotiation = false;
+}

app/Config/Filters.php

@@ -0,0 +1,124 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\Filters as BaseFilters;
+use CodeIgniter\Filters\Cors;
+use CodeIgniter\Filters\CSRF;
+use CodeIgniter\Filters\DebugToolbar;
+use CodeIgniter\Filters\ForceHTTPS;
+use CodeIgniter\Filters\Honeypot;
+use CodeIgniter\Filters\InvalidChars;
+use CodeIgniter\Filters\PageCache;
+use CodeIgniter\Filters\PerformanceMetrics;
+use CodeIgniter\Filters\SecureHeaders;
+
+class Filters extends BaseFilters
+{
+    /**
+     * Configures aliases for Filter classes to
+     * make reading things nicer and simpler.
+     *
+     * @var array<string, class-string|list<class-string>>
+     *
+     * [filter_name => classname]
+     * or [filter_name => [classname1, classname2, ...]]
+     */
+    public array $aliases = [
+        'csrf'          => CSRF::class,
+        'toolbar'       => DebugToolbar::class,
+        'honeypot'      => Honeypot::class,
+        'invalidchars'  => InvalidChars::class,
+        'secureheaders' => SecureHeaders::class,
+        'cors'          => Cors::class,
+        'forcehttps'    => ForceHTTPS::class,
+        'pagecache'     => PageCache::class,
+        'performance'   => PerformanceMetrics::class,
+    ];
+
+    /**
+     * List of special required filters.
+     *
+     * The filters listed here are special. They are applied before and after
+     * other kinds of filters, and always applied even if a route does not exist.
+     *
+     * Filters set by default provide framework functionality. If removed,
+     * those functions will no longer work.
+     *
+     * @see https://codeigniter.com/user_guide/incoming/filters.html#provided-filters
+     *
+     * @var array{before: list<string>, after: list<string>}
+     */
+    public array $required = [
+        'before' => [
+            'forcehttps', // Force Global Secure Requests
+            'pagecache',  // Web Page Caching
+        ],
+        'after' => [
+            'pagecache',   // Web Page Caching
+            'performance', // Performance Metrics
+            'toolbar',     // Debug Toolbar
+        ],
+    ];
+
+    /**
+     * List of filter aliases that are always
+     * applied before and after every request.
+     *
+     * @var array<string, array<string, array<string, string>>>|array<string, list<string>>
+     */
+    public array $globals = [
+        'before' => [
+            'honeypot',
+            'csrf' => ['except' => 'login'],
+            'invalidchars',
+        ],
+        'after' => [
+            'toolbar',
+            'honeypot',
+            'secureheaders',
+        ],
+    ];
+
+    /**
+     * List of filter aliases that works on a
+     * particular HTTP method (GET, POST, etc.).
+     *
+     * Example:
+     * 'POST' => ['foo', 'bar']
+     *
+     * If you use this, you should disable auto-routing because auto-routing
+     * permits any HTTP method to access a controller. Accessing the controller
+     * with a method you don't expect could bypass the filter.
+     *
+     * @var array<string, list<string>>
+     */
+    public array $methods = [];
+
+    /**
+     * List of filter aliases that should run on any
+     * before or after URI patterns.
+     *
+     * Example:
+     * isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
+     *
+     * @var array<string, array<string, list<string>>>
+     */
+    public array $filters = [];
+
+    /**
+     * Constructor to conditionally disable CSRF filter in testing environment
+     */
+    public function __construct()
+    {
+        // Check for testing environment via env variable or constant
+        $isTesting = ($_ENV['CI_ENVIRONMENT'] ?? $_SERVER['CI_ENVIRONMENT'] ?? getenv('CI_ENVIRONMENT')) === 'testing'
+            || (defined('ENVIRONMENT') && ENVIRONMENT === 'testing');
+
+        // Remove CSRF filter from globals in testing environment
+        if ($isTesting) {
+            // Remove the 'csrf' key from $globals['before'] while preserving array structure
+            $this->globals['before'] = array_filter($this->globals['before'], static fn($key) => $key !== 'csrf', ARRAY_FILTER_USE_KEY);
+        }
+    }
+}

app/Config/ForeignCharacters.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\ForeignCharacters as BaseForeignCharacters;
+
+/**
+ * @immutable
+ */
+class ForeignCharacters extends BaseForeignCharacters
+{
+}

app/Config/Format.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Format\JSONFormatter;
+use CodeIgniter\Format\XMLFormatter;
+
+class Format extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Available Response Formats
+     * --------------------------------------------------------------------------
+     *
+     * When you perform content negotiation with the request, these are the
+     * available formats that your application supports. This is currently
+     * only used with the API\ResponseTrait. A valid Formatter must exist
+     * for the specified format.
+     *
+     * These formats are only checked when the data passed to the respond()
+     * method is an array.
+     *
+     * @var list<string>
+     */
+    public array $supportedResponseFormats = [
+        'application/json',
+        'application/xml', // machine-readable XML
+        'text/xml', // human-readable XML
+    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Formatters
+     * --------------------------------------------------------------------------
+     *
+     * Lists the class to use to format responses with of a particular type.
+     * For each mime type, list the class that should be used. Formatters
+     * can be retrieved through the getFormatter() method.
+     *
+     * @var array<string, string>
+     */
+    public array $formatters = [
+        'application/json' => JSONFormatter::class,
+        'application/xml'  => XMLFormatter::class,
+        'text/xml'         => XMLFormatter::class,
+    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Formatters Options
+     * --------------------------------------------------------------------------
+     *
+     * Additional Options to adjust default formatters behaviour.
+     * For each mime type, list the additional options that should be used.
+     *
+     * @var array<string, int>
+     */
+    public array $formatterOptions = [
+        'application/json' => JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES,
+        'application/xml'  => 0,
+        'text/xml'         => 0,
+    ];
+}

app/Config/Generators.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class Generators extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Generator Commands' Views
+     * --------------------------------------------------------------------------
+     *
+     * This array defines the mapping of generator commands to the view files
+     * they are using. If you need to customize them for your own, copy these
+     * view files in your own folder and indicate the location here.
+     *
+     * You will notice that the views have special placeholders enclosed in
+     * curly braces `{...}`. These placeholders are used internally by the
+     * generator commands in processing replacements, thus you are warned
+     * not to delete them or modify the names. If you will do so, you may
+     * end up disrupting the scaffolding process and throw errors.
+     *
+     * YOU HAVE BEEN WARNED!
+     *
+     * @var array<string, array<string, string>|string>
+     */
+    public array $views = [
+        'make:cell' => [
+            'class' => 'CodeIgniter\Commands\Generators\Views\cell.tpl.php',
+            'view'  => 'CodeIgniter\Commands\Generators\Views\cell_view.tpl.php',
+        ],
+        'make:command'      => 'CodeIgniter\Commands\Generators\Views\command.tpl.php',
+        'make:config'       => 'CodeIgniter\Commands\Generators\Views\config.tpl.php',
+        'make:controller'   => 'CodeIgniter\Commands\Generators\Views\controller.tpl.php',
+        'make:entity'       => 'CodeIgniter\Commands\Generators\Views\entity.tpl.php',
+        'make:filter'       => 'CodeIgniter\Commands\Generators\Views\filter.tpl.php',
+        'make:migration'    => 'CodeIgniter\Commands\Generators\Views\migration.tpl.php',
+        'make:model'        => 'CodeIgniter\Commands\Generators\Views\model.tpl.php',
+        'make:seeder'       => 'CodeIgniter\Commands\Generators\Views\seeder.tpl.php',
+        'make:validation'   => 'CodeIgniter\Commands\Generators\Views\validation.tpl.php',
+        'session:migration' => 'CodeIgniter\Commands\Generators\Views\migration.tpl.php',
+    ];
+}

app/Config/Honeypot.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class Honeypot extends BaseConfig
+{
+    /**
+     * Makes Honeypot visible or not to human
+     */
+    public bool $hidden = true;
+
+    /**
+     * Honeypot Label Content
+     */
+    public string $label = 'Fill This Field';
+
+    /**
+     * Honeypot Field Name
+     */
+    public string $name = 'honeypot';
+
+    /**
+     * Honeypot HTML Template
+     */
+    public string $template = '<label>{label}</label><input type="text" name="{name}" value="">';
+
+    /**
+     * Honeypot container
+     *
+     * If you enabled CSP, you can remove `style="display:none"`.
+     */
+    public string $container = '<div style="display:none">{template}</div>';
+
+    /**
+     * The id attribute for Honeypot container tag
+     *
+     * Used when CSP is enabled.
+     */
+    public string $containerId = 'hpc';
+}

app/Config/Images.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Images\Handlers\GDHandler;
+use CodeIgniter\Images\Handlers\ImageMagickHandler;
+
+class Images extends BaseConfig
+{
+    /**
+     * Default handler used if no other handler is specified.
+     */
+    public string $defaultHandler = 'gd';
+
+    /**
+     * The path to the image library.
+     * Required for ImageMagick, GraphicsMagick, or NetPBM.
+     */
+    public string $libraryPath = '/usr/local/bin/convert';
+
+    /**
+     * The available handler classes.
+     *
+     * @var array<string, string>
+     */
+    public array $handlers = [
+        'gd'      => GDHandler::class,
+        'imagick' => ImageMagickHandler::class,
+    ];
+}

app/Config/Kint.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace Config;
+
+use Kint\Parser\ConstructablePluginInterface;
+use Kint\Renderer\Rich\TabPluginInterface;
+use Kint\Renderer\Rich\ValuePluginInterface;
+
+/**
+ * --------------------------------------------------------------------------
+ * Kint
+ * --------------------------------------------------------------------------
+ *
+ * We use Kint's `RichRenderer` and `CLIRenderer`. This area contains options
+ * that you can set to customize how Kint works for you.
+ *
+ * @see https://kint-php.github.io/kint/ for details on these settings.
+ */
+class Kint
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Global Settings
+    |--------------------------------------------------------------------------
+    */
+
+    /**
+     * @var list<class-string<ConstructablePluginInterface>|ConstructablePluginInterface>|null
+     */
+    public $plugins;
+
+    public int $maxDepth           = 6;
+    public bool $displayCalledFrom = true;
+    public bool $expanded          = false;
+
+    /*
+    |--------------------------------------------------------------------------
+    | RichRenderer Settings
+    |--------------------------------------------------------------------------
+    */
+    public string $richTheme = 'aante-light.css';
+    public bool $richFolder  = false;
+
+    /**
+     * @var array<string, class-string<ValuePluginInterface>>|null
+     */
+    public $richObjectPlugins;
+
+    /**
+     * @var array<string, class-string<TabPluginInterface>>|null
+     */
+    public $richTabPlugins;
+
+    /*
+    |--------------------------------------------------------------------------
+    | CLI Settings
+    |--------------------------------------------------------------------------
+    */
+    public bool $cliColors      = true;
+    public bool $cliForceUTF8   = false;
+    public bool $cliDetectWidth = true;
+    public int $cliMinWidth     = 40;
+}

app/Config/Logger.php

@@ -0,0 +1,150 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Log\Handlers\FileHandler;
+
+class Logger extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Error Logging Threshold
+     * --------------------------------------------------------------------------
+     *
+     * You can enable error logging by setting a threshold over zero. The
+     * threshold determines what gets logged. Any values below or equal to the
+     * threshold will be logged.
+     *
+     * Threshold options are:
+     *
+     * - 0 = Disables logging, Error logging TURNED OFF
+     * - 1 = Emergency Messages - System is unusable
+     * - 2 = Alert Messages - Action Must Be Taken Immediately
+     * - 3 = Critical Messages - Application component unavailable, unexpected exception.
+     * - 4 = Runtime Errors - Don't need immediate action, but should be monitored.
+     * - 5 = Warnings - Exceptional occurrences that are not errors.
+     * - 6 = Notices - Normal but significant events.
+     * - 7 = Info - Interesting events, like user logging in, etc.
+     * - 8 = Debug - Detailed debug information.
+     * - 9 = All Messages
+     *
+     * You can also pass an array with threshold levels to show individual error types
+     *
+     *     array(1, 2, 3, 8) = Emergency, Alert, Critical, and Debug messages
+     *
+     * For a live site you'll usually enable Critical or higher (3) to be logged otherwise
+     * your log files will fill up very fast.
+     *
+     * @var int|list<int>
+     */
+    public $threshold = (ENVIRONMENT === 'production') ? 4 : 9;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Date Format for Logs
+     * --------------------------------------------------------------------------
+     *
+     * Each item that is logged has an associated date. You can use PHP date
+     * codes to set your own date formatting
+     */
+    public string $dateFormat = 'Y-m-d H:i:s';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Log Handlers
+     * --------------------------------------------------------------------------
+     *
+     * The logging system supports multiple actions to be taken when something
+     * is logged. This is done by allowing for multiple Handlers, special classes
+     * designed to write the log to their chosen destinations, whether that is
+     * a file on the getServer, a cloud-based service, or even taking actions such
+     * as emailing the dev team.
+     *
+     * Each handler is defined by the class name used for that handler, and it
+     * MUST implement the `CodeIgniter\Log\Handlers\HandlerInterface` interface.
+     *
+     * The value of each key is an array of configuration items that are sent
+     * to the constructor of each handler. The only required configuration item
+     * is the 'handles' element, which must be an array of integer log levels.
+     * This is most easily handled by using the constants defined in the
+     * `Psr\Log\LogLevel` class.
+     *
+     * Handlers are executed in the order defined in this array, starting with
+     * the handler on top and continuing down.
+     *
+     * @var array<class-string, array<string, int|list<string>|string>>
+     */
+    public array $handlers = [
+        /*
+         * --------------------------------------------------------------------
+         * File Handler
+         * --------------------------------------------------------------------
+         */
+        FileHandler::class => [
+            // The log levels that this handler will handle.
+            'handles' => [
+                'critical',
+                'alert',
+                'emergency',
+                'debug',
+                'error',
+                'info',
+                'notice',
+                'warning',
+            ],
+
+            /*
+             * The default filename extension for log files.
+             * An extension of 'php' allows for protecting the log files via basic
+             * scripting, when they are to be stored under a publicly accessible directory.
+             *
+             * NOTE: Leaving it blank will default to 'log'.
+             */
+            'fileExtension' => '',
+
+            /*
+             * The file system permissions to be applied on newly created log files.
+             *
+             * IMPORTANT: This MUST be an integer (no quotes) and you MUST use octal
+             * integer notation (i.e. 0700, 0644, etc.)
+             */
+            'filePermissions' => 0660,
+
+            /*
+             * Logging Directory Path
+             *
+             * By default, logs are written to WRITEPATH . 'logs/'
+             * Specify a different destination here, if desired.
+             */
+            'path' => '',
+        ],
+
+        /*
+         * The ChromeLoggerHandler requires the use of the Chrome web browser
+         * and the ChromeLogger extension. Uncomment this block to use it.
+         */
+        // 'CodeIgniter\Log\Handlers\ChromeLoggerHandler' => [
+        //     /*
+        //      * The log levels that this handler will handle.
+        //      */
+        //     'handles' => ['critical', 'alert', 'emergency', 'debug',
+        //                   'error', 'info', 'notice', 'warning'],
+        // ],
+
+        /*
+         * The ErrorlogHandler writes the logs to PHP's native `error_log()` function.
+         * Uncomment this block to use it.
+         */
+        // 'CodeIgniter\Log\Handlers\ErrorlogHandler' => [
+        //     /* The log levels this handler can handle. */
+        //     'handles' => ['critical', 'alert', 'emergency', 'debug', 'error', 'info', 'notice', 'warning'],
+        //
+        //     /*
+        //     * The message type where the error should go. Can be 0 or 4, or use the
+        //     * class constants: `ErrorlogHandler::TYPE_OS` (0) or `ErrorlogHandler::TYPE_SAPI` (4)
+        //     */
+        //     'messageType' => 0,
+        // ],
+    ];
+}

app/Config/Migrations.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class Migrations extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Enable/Disable Migrations
+     * --------------------------------------------------------------------------
+     *
+     * Migrations are enabled by default.
+     *
+     * You should enable migrations whenever you intend to do a schema migration
+     * and disable it back when you're done.
+     */
+    public bool $enabled = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Migrations Table
+     * --------------------------------------------------------------------------
+     *
+     * This is the name of the table that will store the current migrations state.
+     * When migrations runs it will store in a database table which migration
+     * files have already been run.
+     */
+    public string $table = 'migrations';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Timestamp Format
+     * --------------------------------------------------------------------------
+     *
+     * This is the format that will be used when creating new migrations
+     * using the CLI command:
+     *   > php spark make:migration
+     *
+     * NOTE: if you set an unsupported format, migration runner will not find
+     *       your migration files.
+     *
+     * Supported formats:
+     * - YmdHis_
+     * - Y-m-d-His_
+     * - Y_m_d_His_
+     */
+    public string $timestampFormat = 'YmdHis_';
+}

app/Config/Mimes.php

@@ -0,0 +1,536 @@
+<?php
+
+namespace Config;
+
+/**
+ * Mimes
+ *
+ * This file contains an array of mime types.  It is used by the
+ * Upload class to help identify allowed file types.
+ *
+ * When more than one variation for an extension exist (like jpg, jpeg, etc)
+ * the most common one should be first in the array to aid the guess*
+ * methods. The same applies when more than one mime-type exists for a
+ * single extension.
+ *
+ * When working with mime types, please make sure you have the ´fileinfo´
+ * extension enabled to reliably detect the media types.
+ *
+ * @immutable
+ */
+class Mimes
+{
+    /**
+     * Map of extensions to mime types.
+     *
+     * @var array<string, list<string>|string>
+     */
+    public static array $mimes = [
+        'hqx' => [
+            'application/mac-binhex40',
+            'application/mac-binhex',
+            'application/x-binhex40',
+            'application/x-mac-binhex40',
+        ],
+        'cpt' => 'application/mac-compactpro',
+        'csv' => [
+            'text/csv',
+            'text/x-comma-separated-values',
+            'text/comma-separated-values',
+            'application/vnd.ms-excel',
+            'application/x-csv',
+            'text/x-csv',
+            'application/csv',
+            'application/excel',
+            'application/vnd.msexcel',
+            'text/plain',
+        ],
+        'bin' => [
+            'application/macbinary',
+            'application/mac-binary',
+            'application/octet-stream',
+            'application/x-binary',
+            'application/x-macbinary',
+        ],
+        'dms' => 'application/octet-stream',
+        'lha' => 'application/octet-stream',
+        'lzh' => 'application/octet-stream',
+        'exe' => [
+            'application/octet-stream',
+            'application/vnd.microsoft.portable-executable',
+            'application/x-dosexec',
+            'application/x-msdownload',
+        ],
+        'class' => 'application/octet-stream',
+        'psd'   => [
+            'application/x-photoshop',
+            'image/vnd.adobe.photoshop',
+        ],
+        'so'  => 'application/octet-stream',
+        'sea' => 'application/octet-stream',
+        'dll' => 'application/octet-stream',
+        'oda' => 'application/oda',
+        'pdf' => [
+            'application/pdf',
+            'application/force-download',
+            'application/x-download',
+        ],
+        'ai' => [
+            'application/pdf',
+            'application/postscript',
+        ],
+        'eps'  => 'application/postscript',
+        'ps'   => 'application/postscript',
+        'smi'  => 'application/smil',
+        'smil' => 'application/smil',
+        'mif'  => 'application/vnd.mif',
+        'xls'  => [
+            'application/vnd.ms-excel',
+            'application/msexcel',
+            'application/x-msexcel',
+            'application/x-ms-excel',
+            'application/x-excel',
+            'application/x-dos_ms_excel',
+            'application/xls',
+            'application/x-xls',
+            'application/excel',
+            'application/download',
+            'application/vnd.ms-office',
+            'application/msword',
+        ],
+        'ppt' => [
+            'application/vnd.ms-powerpoint',
+            'application/powerpoint',
+            'application/vnd.ms-office',
+            'application/msword',
+        ],
+        'pptx' => [
+            'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+        ],
+        'wbxml' => 'application/wbxml',
+        'wmlc'  => 'application/wmlc',
+        'dcr'   => 'application/x-director',
+        'dir'   => 'application/x-director',
+        'dxr'   => 'application/x-director',
+        'dvi'   => 'application/x-dvi',
+        'gtar'  => 'application/x-gtar',
+        'gz'    => 'application/x-gzip',
+        'gzip'  => 'application/x-gzip',
+        'php'   => [
+            'application/x-php',
+            'application/x-httpd-php',
+            'application/php',
+            'text/php',
+            'text/x-php',
+            'application/x-httpd-php-source',
+        ],
+        'php4'  => 'application/x-httpd-php',
+        'php3'  => 'application/x-httpd-php',
+        'phtml' => 'application/x-httpd-php',
+        'phps'  => 'application/x-httpd-php-source',
+        'js'    => [
+            'application/x-javascript',
+            'text/plain',
+        ],
+        'swf' => 'application/x-shockwave-flash',
+        'sit' => 'application/x-stuffit',
+        'tar' => 'application/x-tar',
+        'tgz' => [
+            'application/x-tar',
+            'application/x-gzip-compressed',
+        ],
+        'z'     => 'application/x-compress',
+        'xhtml' => 'application/xhtml+xml',
+        'xht'   => 'application/xhtml+xml',
+        'zip'   => [
+            'application/x-zip',
+            'application/zip',
+            'application/x-zip-compressed',
+            'application/s-compressed',
+            'multipart/x-zip',
+        ],
+        'rar' => [
+            'application/vnd.rar',
+            'application/x-rar',
+            'application/rar',
+            'application/x-rar-compressed',
+        ],
+        'mid'  => 'audio/midi',
+        'midi' => 'audio/midi',
+        'mpga' => 'audio/mpeg',
+        'mp2'  => 'audio/mpeg',
+        'mp3'  => [
+            'audio/mpeg',
+            'audio/mpg',
+            'audio/mpeg3',
+            'audio/mp3',
+        ],
+        'aif' => [
+            'audio/x-aiff',
+            'audio/aiff',
+        ],
+        'aiff' => [
+            'audio/x-aiff',
+            'audio/aiff',
+        ],
+        'aifc' => 'audio/x-aiff',
+        'ram'  => 'audio/x-pn-realaudio',
+        'rm'   => 'audio/x-pn-realaudio',
+        'rpm'  => 'audio/x-pn-realaudio-plugin',
+        'ra'   => 'audio/x-realaudio',
+        'rv'   => 'video/vnd.rn-realvideo',
+        'wav'  => [
+            'audio/x-wav',
+            'audio/wave',
+            'audio/wav',
+        ],
+        'bmp' => [
+            'image/bmp',
+            'image/x-bmp',
+            'image/x-bitmap',
+            'image/x-xbitmap',
+            'image/x-win-bitmap',
+            'image/x-windows-bmp',
+            'image/ms-bmp',
+            'image/x-ms-bmp',
+            'application/bmp',
+            'application/x-bmp',
+            'application/x-win-bitmap',
+        ],
+        'gif' => 'image/gif',
+        'jpg' => [
+            'image/jpeg',
+            'image/pjpeg',
+        ],
+        'jpeg' => [
+            'image/jpeg',
+            'image/pjpeg',
+        ],
+        'jpe' => [
+            'image/jpeg',
+            'image/pjpeg',
+        ],
+        'jp2' => [
+            'image/jp2',
+            'video/mj2',
+            'image/jpx',
+            'image/jpm',
+        ],
+        'j2k' => [
+            'image/jp2',
+            'video/mj2',
+            'image/jpx',
+            'image/jpm',
+        ],
+        'jpf' => [
+            'image/jp2',
+            'video/mj2',
+            'image/jpx',
+            'image/jpm',
+        ],
+        'jpg2' => [
+            'image/jp2',
+            'video/mj2',
+            'image/jpx',
+            'image/jpm',
+        ],
+        'jpx' => [
+            'image/jp2',
+            'video/mj2',
+            'image/jpx',
+            'image/jpm',
+        ],
+        'jpm' => [
+            'image/jp2',
+            'video/mj2',
+            'image/jpx',
+            'image/jpm',
+        ],
+        'mj2' => [
+            'image/jp2',
+            'video/mj2',
+            'image/jpx',
+            'image/jpm',
+        ],
+        'mjp2' => [
+            'image/jp2',
+            'video/mj2',
+            'image/jpx',
+            'image/jpm',
+        ],
+        'png' => [
+            'image/png',
+            'image/x-png',
+        ],
+        'webp' => 'image/webp',
+        'tif'  => 'image/tiff',
+        'tiff' => 'image/tiff',
+        'css'  => [
+            'text/css',
+            'text/plain',
+        ],
+        'html' => [
+            'text/html',
+            'text/plain',
+        ],
+        'htm' => [
+            'text/html',
+            'text/plain',
+        ],
+        'shtml' => [
+            'text/html',
+            'text/plain',
+        ],
+        'txt'  => 'text/plain',
+        'text' => 'text/plain',
+        'log'  => [
+            'text/plain',
+            'text/x-log',
+        ],
+        'rtx' => 'text/richtext',
+        'rtf' => 'text/rtf',
+        'xml' => [
+            'application/xml',
+            'text/xml',
+            'text/plain',
+        ],
+        'xsl' => [
+            'application/xml',
+            'text/xsl',
+            'text/xml',
+        ],
+        'mpeg' => 'video/mpeg',
+        'mpg'  => 'video/mpeg',
+        'mpe'  => 'video/mpeg',
+        'qt'   => 'video/quicktime',
+        'mov'  => 'video/quicktime',
+        'avi'  => [
+            'video/x-msvideo',
+            'video/msvideo',
+            'video/avi',
+            'application/x-troff-msvideo',
+        ],
+        'movie' => 'video/x-sgi-movie',
+        'doc'   => [
+            'application/msword',
+            'application/vnd.ms-office',
+        ],
+        'docx' => [
+            'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+            'application/zip',
+            'application/msword',
+            'application/x-zip',
+        ],
+        'dot' => [
+            'application/msword',
+            'application/vnd.ms-office',
+        ],
+        'dotx' => [
+            'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+            'application/zip',
+            'application/msword',
+        ],
+        'xlsx' => [
+            'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+            'application/zip',
+            'application/vnd.ms-excel',
+            'application/msword',
+            'application/x-zip',
+        ],
+        'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
+        'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12',
+        'word' => [
+            'application/msword',
+            'application/octet-stream',
+        ],
+        'xl'   => 'application/excel',
+        'eml'  => 'message/rfc822',
+        'json' => [
+            'application/json',
+            'text/json',
+        ],
+        'pem' => [
+            'application/x-x509-user-cert',
+            'application/x-pem-file',
+            'application/octet-stream',
+        ],
+        'p10' => [
+            'application/x-pkcs10',
+            'application/pkcs10',
+        ],
+        'p12' => 'application/x-pkcs12',
+        'p7a' => 'application/x-pkcs7-signature',
+        'p7c' => [
+            'application/pkcs7-mime',
+            'application/x-pkcs7-mime',
+        ],
+        'p7m' => [
+            'application/pkcs7-mime',
+            'application/x-pkcs7-mime',
+        ],
+        'p7r' => 'application/x-pkcs7-certreqresp',
+        'p7s' => 'application/pkcs7-signature',
+        'crt' => [
+            'application/x-x509-ca-cert',
+            'application/x-x509-user-cert',
+            'application/pkix-cert',
+        ],
+        'crl' => [
+            'application/pkix-crl',
+            'application/pkcs-crl',
+        ],
+        'der' => 'application/x-x509-ca-cert',
+        'kdb' => 'application/octet-stream',
+        'pgp' => 'application/pgp',
+        'gpg' => 'application/gpg-keys',
+        'sst' => 'application/octet-stream',
+        'csr' => 'application/octet-stream',
+        'rsa' => 'application/x-pkcs7',
+        'cer' => [
+            'application/pkix-cert',
+            'application/x-x509-ca-cert',
+        ],
+        '3g2' => 'video/3gpp2',
+        '3gp' => [
+            'video/3gp',
+            'video/3gpp',
+        ],
+        'mp4' => 'video/mp4',
+        'm4a' => 'audio/x-m4a',
+        'f4v' => [
+            'video/mp4',
+            'video/x-f4v',
+        ],
+        'flv'  => 'video/x-flv',
+        'webm' => 'video/webm',
+        'aac'  => 'audio/x-acc',
+        'm4u'  => 'application/vnd.mpegurl',
+        'm3u'  => 'text/plain',
+        'xspf' => 'application/xspf+xml',
+        'vlc'  => 'application/videolan',
+        'wmv'  => [
+            'video/x-ms-wmv',
+            'video/x-ms-asf',
+        ],
+        'au'   => 'audio/x-au',
+        'ac3'  => 'audio/ac3',
+        'flac' => 'audio/x-flac',
+        'ogg'  => [
+            'audio/ogg',
+            'video/ogg',
+            'application/ogg',
+        ],
+        'kmz' => [
+            'application/vnd.google-earth.kmz',
+            'application/zip',
+            'application/x-zip',
+        ],
+        'kml' => [
+            'application/vnd.google-earth.kml+xml',
+            'application/xml',
+            'text/xml',
+        ],
+        'ics'  => 'text/calendar',
+        'ical' => 'text/calendar',
+        'zsh'  => 'text/x-scriptzsh',
+        '7zip' => [
+            'application/x-compressed',
+            'application/x-zip-compressed',
+            'application/zip',
+            'multipart/x-zip',
+        ],
+        'cdr' => [
+            'application/cdr',
+            'application/coreldraw',
+            'application/x-cdr',
+            'application/x-coreldraw',
+            'image/cdr',
+            'image/x-cdr',
+            'zz-application/zz-winassoc-cdr',
+        ],
+        'wma' => [
+            'audio/x-ms-wma',
+            'video/x-ms-asf',
+        ],
+        'jar' => [
+            'application/java-archive',
+            'application/x-java-application',
+            'application/x-jar',
+            'application/x-compressed',
+        ],
+        'svg' => [
+            'image/svg+xml',
+            'image/svg',
+            'application/xml',
+            'text/xml',
+        ],
+        'vcf' => 'text/x-vcard',
+        'srt' => [
+            'text/srt',
+            'text/plain',
+        ],
+        'vtt' => [
+            'text/vtt',
+            'text/plain',
+        ],
+        'ico' => [
+            'image/x-icon',
+            'image/x-ico',
+            'image/vnd.microsoft.icon',
+        ],
+        'stl' => [
+            'application/sla',
+            'application/vnd.ms-pki.stl',
+            'application/x-navistyle',
+        ],
+    ];
+
+    /**
+     * Attempts to determine the best mime type for the given file extension.
+     *
+     * @return string|null The mime type found, or none if unable to determine.
+     */
+    public static function guessTypeFromExtension(string $extension): array|string|null
+    {
+        $extension = trim(strtolower($extension), '. ');
+
+        if (! array_key_exists($extension, static::$mimes)) {
+            return null;
+        }
+
+        return is_array(static::$mimes[$extension]) ? static::$mimes[$extension][0] : static::$mimes[$extension];
+    }
+
+    /**
+     * Attempts to determine the best file extension for a given mime type.
+     *
+     * @param string|null $proposedExtension - default extension (in case there is more than one with the same mime type)
+     *
+     * @return string|null The extension determined, or null if unable to match.
+     */
+    public static function guessExtensionFromType(string $type, ?string $proposedExtension = null): ?string
+    {
+        $type = trim(strtolower($type), '. ');
+
+        $proposedExtension = trim(strtolower($proposedExtension ?? ''));
+
+        if (
+            $proposedExtension !== ''
+            && array_key_exists($proposedExtension, static::$mimes)
+            && in_array($type, (array) static::$mimes[$proposedExtension], true)
+        ) {
+            // The detected mime type matches with the proposed extension.
+            return $proposedExtension;
+        }
+
+        // Reverse check the mime type list if no extension was proposed.
+        // This search is order sensitive!
+        foreach (static::$mimes as $ext => $types) {
+            if (in_array($type, (array) $types, true)) {
+                return $ext;
+            }
+        }
+
+        return null;
+    }
+}

app/Config/Modules.php

@@ -0,0 +1,84 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Modules\Modules as BaseModules;
+
+/**
+ * Modules Configuration.
+ *
+ * NOTE: This class is required prior to Autoloader instantiation,
+ *       and does not extend BaseConfig.
+ *
+ * @immutable
+ */
+class Modules extends BaseModules
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Enable Auto-Discovery?
+     * --------------------------------------------------------------------------
+     *
+     * If true, then auto-discovery will happen across all elements listed in
+     * $aliases below. If false, no auto-discovery will happen at all,
+     * giving a slight performance boost.
+     *
+     * @var bool
+     */
+    public $enabled = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Enable Auto-Discovery Within Composer Packages?
+     * --------------------------------------------------------------------------
+     *
+     * If true, then auto-discovery will happen across all namespaces loaded
+     * by Composer, as well as the namespaces configured locally.
+     *
+     * @var bool
+     */
+    public $discoverInComposer = true;
+
+    /**
+     * The Composer package list for Auto-Discovery
+     * This setting is optional.
+     *
+     * E.g.:
+     *   [
+     *       'only' => [
+     *           // List up all packages to auto-discover
+     *           'codeigniter4/shield',
+     *       ],
+     *   ]
+     *   or
+     *   [
+     *       'exclude' => [
+     *           // List up packages to exclude.
+     *           'pestphp/pest',
+     *       ],
+     *   ]
+     *
+     * @var array{only?: list<string>, exclude?: list<string>}
+     */
+    public $composerPackages = [];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Auto-Discovery Rules
+     * --------------------------------------------------------------------------
+     *
+     * Aliases list of all discovery classes that will be active and used during
+     * the current application request.
+     *
+     * If it is not listed, only the base application elements will be used.
+     *
+     * @var list<string>
+     */
+    public $aliases = [
+        'events',
+        'filters',
+        'registrars',
+        'routes',
+        'services',
+    ];
+}

app/Config/OSPOS.php

@@ -0,0 +1,53 @@
+<?php
+
+namespace Config;
+
+use App\Models\Appconfig;
+use CodeIgniter\Cache\CacheInterface;
+use CodeIgniter\Config\BaseConfig;
+
+/**
+ * This class holds the configuration options stored from the database so that on launch those settings can be cached
+ * once in memory.  The settings are referenced frequently, so there is a significant performance hit to not storing
+ * them.
+ */
+class OSPOS extends BaseConfig
+{
+    public array $settings;
+    public string $commit_sha1 = 'dev';    // TODO: Travis scripts need to be updated to replace this with the commit hash on build
+    private CacheInterface $cache;
+
+    public function __construct()
+    {
+        parent::__construct();
+        $this->cache = Services::cache();
+        $this->set_settings();
+    }
+
+    /**
+     * @return void
+     */
+    public function set_settings(): void
+    {
+        $cache = $this->cache->get('settings');
+
+        if ($cache) {
+            $this->settings = decode_array($cache);
+        } else {
+            $appconfig = model(Appconfig::class);
+            foreach ($appconfig->get_all()->getResult() as $app_config) {
+                $this->settings[$app_config->key] = $app_config->value;
+            }
+            $this->cache->save('settings', encode_array($this->settings));
+        }
+    }
+
+    /**
+     * @return void
+     */
+    public function update_settings(): void
+    {
+        $this->cache->delete('settings');
+        $this->set_settings();
+    }
+}

app/Config/Optimize.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace Config;
+
+/**
+ * Optimization Configuration.
+ *
+ * NOTE: This class does not extend BaseConfig for performance reasons.
+ *       So you cannot replace the property values with Environment Variables.
+ *
+ * @immutable
+ */
+class Optimize
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Config Caching
+     * --------------------------------------------------------------------------
+     *
+     * @see https://codeigniter.com/user_guide/concepts/factories.html#config-caching
+     */
+    public bool $configCacheEnabled = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Config Caching
+     * --------------------------------------------------------------------------
+     *
+     * @see https://codeigniter.com/user_guide/concepts/autoloader.html#file-locator-caching
+     */
+    public bool $locatorCacheEnabled = false;
+}

app/Config/Pager.php

@@ -0,0 +1,61 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class Pager extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Templates
+     * --------------------------------------------------------------------------
+     *
+     * Pagination links are rendered out using views to configure their
+     * appearance. This array contains aliases and the view names to
+     * use when rendering the links.
+     *
+     * Within each view, the Pager object will be available as $pager,
+     * and the desired group as $pagerGroup;
+     *
+     * @var array<string, string>
+     */
+    public array $templates = [
+        'default_full'   => 'CodeIgniter\Pager\Views\default_full',
+        'default_simple' => 'CodeIgniter\Pager\Views\default_simple',
+        'default_head'   => 'CodeIgniter\Pager\Views\default_head',
+    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Items Per Page
+     * --------------------------------------------------------------------------
+     *
+     * The default number of results shown in a single page.
+     */
+    public int $perPage = 20;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Bootstrap 3 pagination links styling
+     * --------------------------------------------------------------------------
+     *
+     * Source code from http://stackoverflow.com/questions/20088779/bootstrap-3-pagination-with-codeigniter
+     */
+    public $config = [
+        'full_tag_open'    => '<ul class="pagination pagination-sm">',
+        'full_tag_close'   => '</ul>',
+        'num_tag_open'     => '<li>',
+        'num_tag_close'    => '</li>',
+        'cur_tag_open'     => '<li class="disabled"><li class="active"><a href="#">',
+        'cur_tag_close'    => '<span class="sr-only"></span></a></li>',
+        'next_tag_open'    => '<li>',
+        'next_tagl_close'  => '</li>',
+        'prev_tag_open'    => '<li>',
+        'prev_tagl_close'  => '</li>',
+        'first_tag_open'   => '<li>',
+        'first_tagl_close' => '</li>',
+        'last_tag_open'    => '<li>',
+        'last_tagl_close'  => '</li>'
+    ];
+}

app/Config/Paths.php

@@ -0,0 +1,80 @@
+<?php
+
+namespace Config;
+
+/**
+ * Paths
+ *
+ * Holds the paths that are used by the system to
+ * locate the main directories, app, system, etc.
+ *
+ * Modifying these allows you to restructure your application,
+ * share a system folder between multiple applications, and more.
+ *
+ * All paths are relative to the project's root folder.
+ *
+ * NOTE: This class is required prior to Autoloader instantiation,
+ *       and does not extend BaseConfig.
+ *
+ * @immutable
+ */
+class Paths
+{
+    /**
+     * ---------------------------------------------------------------
+     * SYSTEM FOLDER NAME
+     * ---------------------------------------------------------------
+     *
+     * This must contain the name of your "system" folder. Include
+     * the path if the folder is not in the same directory as this file.
+     */
+    public string $systemDirectory = __DIR__ . '/../../vendor/codeigniter4/framework/system';
+
+    /**
+     * ---------------------------------------------------------------
+     * APPLICATION FOLDER NAME
+     * ---------------------------------------------------------------
+     *
+     * If you want this front controller to use a different "app"
+     * folder than the default one you can set its name here. The folder
+     * can also be renamed or relocated anywhere on your server. If
+     * you do, use a full server path.
+     *
+     * @see http://codeigniter.com/user_guide/general/managing_apps.html
+     */
+    public string $appDirectory = __DIR__ . '/..';
+
+    /**
+     * ---------------------------------------------------------------
+     * WRITABLE DIRECTORY NAME
+     * ---------------------------------------------------------------
+     *
+     * This variable must contain the name of your "writable" directory.
+     * The writable directory allows you to group all directories that
+     * need write permission to a single place that can be tucked away
+     * for maximum security, keeping it out of the app and/or
+     * system directories.
+     */
+    public string $writableDirectory = __DIR__ . '/../../writable';
+
+    /**
+     * ---------------------------------------------------------------
+     * TESTS DIRECTORY NAME
+     * ---------------------------------------------------------------
+     *
+     * This variable must contain the name of your "tests" directory.
+     */
+    public string $testsDirectory = __DIR__ . '/../../tests';
+
+    /**
+     * ---------------------------------------------------------------
+     * VIEW DIRECTORY NAME
+     * ---------------------------------------------------------------
+     *
+     * This variable must contain the name of the directory that
+     * contains the view files used by your application. By
+     * default this is in `app/Views`. This value
+     * is used when no value is provided to `Services::renderer()`.
+     */
+    public string $viewDirectory = __DIR__ . '/../Views';
+}

app/Config/Publisher.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\Publisher as BasePublisher;
+
+/**
+ * Publisher Configuration
+ *
+ * Defines basic security restrictions for the Publisher class
+ * to prevent abuse by injecting malicious files into a project.
+ */
+class Publisher extends BasePublisher
+{
+    /**
+     * A list of allowed destinations with a (pseudo-)regex
+     * of allowed files for each destination.
+     * Attempts to publish to directories not in this list will
+     * result in a PublisherException. Files that do no fit the
+     * pattern will cause copy/merge to fail.
+     *
+     * @var array<string, string>
+     */
+    public $restrictions = [
+        ROOTPATH => '*',
+        FCPATH   => '#\.(s?css|js|map|html?|xml|json|webmanifest|ttf|eot|woff2?|gif|jpe?g|tiff?|png|webp|bmp|ico|svg)$#i',
+    ];
+}

app/Config/Routes.php

@@ -0,0 +1,41 @@
+<?php
+
+use CodeIgniter\Router\RouteCollection;
+
+/**
+ * @var RouteCollection $routes
+ */
+$routes->setDefaultController('Login');
+
+$routes->get('/', 'Login::index');
+$routes->get('login', 'Login::index');
+$routes->post('login', 'Login::index');
+
+$routes->add('no_access/index/(:segment)', 'No_access::index/$1');
+$routes->add('no_access/index/(:segment)/(:segment)', 'No_access::index/$1/$2');
+
+$routes->add('reports/summary_(:any)/(:any)/(:any)', 'Reports::Summary_$1/$2/$3/$4');
+$routes->add('reports/summary_expenses_categories', 'Reports::date_input_only');
+$routes->add('reports/summary_payments', 'Reports::date_input_only');
+$routes->add('reports/summary_discounts', 'Reports::summary_discounts_input');
+$routes->add('reports/summary_(:any)', 'Reports::date_input');
+
+$routes->add('reports/graphical_(:any)/(:any)/(:any)', 'Reports::Graphical_$1/$2/$3/$4');
+$routes->add('reports/graphical_summary_expenses_categories', 'Reports::date_input_only');
+$routes->add('reports/graphical_summary_discounts', 'Reports::summary_discounts_input');
+$routes->add('reports/graphical_(:any)', 'Reports::date_input');
+
+$routes->add('reports/inventory_(:any)/(:any)', 'Reports::Inventory_$1/$2');
+$routes->add('reports/inventory_low', 'Reports::inventory_low');
+$routes->add('reports/inventory_summary', 'Reports::inventory_summary_input');
+$routes->add('reports/inventory_summary/(:any)/(:any)/(:any)', 'Reports::inventory_summary/$1/$2/$3');
+
+$routes->add('reports/detailed_(:any)/(:any)/(:any)/(:any)', 'Reports::Detailed_$1/$2/$3/$4');
+$routes->add('reports/detailed_sales', 'Reports::date_input_sales');
+$routes->add('reports/detailed_receivings', 'Reports::date_input_recv');
+
+$routes->add('reports/specific_(:any)/(:any)/(:any)/(:any)', 'Reports::Specific_$1/$2/$3/$4');
+$routes->add('reports/specific_customers', 'Reports::specific_customer_input');
+$routes->add('reports/specific_employees', 'Reports::specific_employee_input');
+$routes->add('reports/specific_discounts', 'Reports::specific_discount_input');
+$routes->add('reports/specific_suppliers', 'Reports::specific_supplier_input');

app/Config/Routing.php

@@ -0,0 +1,140 @@
+<?php
+
+/**
+ * This file is part of CodeIgniter 4 framework.
+ *
+ * (c) CodeIgniter Foundation <admin@codeigniter.com>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Config;
+
+use CodeIgniter\Config\Routing as BaseRouting;
+
+/**
+ * Routing configuration
+ */
+class Routing extends BaseRouting
+{
+    /**
+     * For Defined Routes.
+     * An array of files that contain route definitions.
+     * Route files are read in order, with the first match
+     * found taking precedence.
+     *
+     * Default: APPPATH . 'Config/Routes.php'
+     *
+     * @var list<string>
+     */
+    public array $routeFiles = [
+        APPPATH . 'Config/Routes.php',
+    ];
+
+    /**
+     * For Defined Routes and Auto Routing.
+     * The default namespace to use for Controllers when no other
+     * namespace has been specified.
+     *
+     * Default: 'App\Controllers'
+     */
+    public string $defaultNamespace = 'App\Controllers';
+
+    /**
+     * For Auto Routing.
+     * The default controller to use when no other controller has been
+     * specified.
+     *
+     * Default: 'Home'
+     */
+    public string $defaultController = 'Login';
+
+    /**
+     * For Defined Routes and Auto Routing.
+     * The default method to call on the controller when no other
+     * method has been set in the route.
+     *
+     * Default: 'index'
+     */
+    public string $defaultMethod = 'index';
+
+    /**
+     * For Auto Routing.
+     * Whether to translate dashes in URIs for controller/method to underscores.
+     * Primarily useful when using the auto-routing.
+     *
+     * Default: false
+     */
+    public bool $translateURIDashes = false;
+
+    /**
+     * Sets the class/method that should be called if routing doesn't
+     * find a match. It can be the controller/method name like: Users::index
+     *
+     * This setting is passed to the Router class and handled there.
+     *
+     * If you want to use a closure, you will have to set it in the
+     * routes file by calling:
+     *
+     * $routes->set404Override(function() {
+     *    // Do something here
+     * });
+     *
+     * Example:
+     *  public $override404 = 'App\Errors::show404';
+     */
+    public ?string $override404 = null;
+
+    /**
+     * If TRUE, the system will attempt to match the URI against
+     * Controllers by matching each segment against folders/files
+     * in APPPATH/Controllers, when a match wasn't found against
+     * defined routes.
+     *
+     * If FALSE, will stop searching and do NO automatic routing.
+     */
+    public bool $autoRoute = true;
+
+    /**
+     * For Defined Routes.
+     * If TRUE, will enable the use of the 'prioritize' option
+     * when defining routes.
+     *
+     * Default: false
+     */
+    public bool $prioritize = false;
+
+    /**
+     * For Defined Routes.
+     * If TRUE, matched multiple URI segments will be passed as one parameter.
+     *
+     * Default: false
+     */
+    public bool $multipleSegmentsOneParam = false;
+
+    /**
+     * For Auto Routing (Improved).
+     * Map of URI segments and namespaces.
+     *
+     * The key is the first URI segment. The value is the controller namespace.
+     * E.g.,
+     *   [
+     *       'blog' => 'Acme\Blog\Controllers',
+     *   ]
+     *
+     * @var array<string, string>
+     */
+    public array $moduleRoutes = [];
+
+    /**
+     * For Auto Routing (Improved).
+     * Whether to translate dashes in URIs for controller/method to CamelCase.
+     * E.g., blog-controller -> BlogController
+     *
+     * If you enable this, $translateURIDashes is ignored.
+     *
+     * Default: false
+     */
+    public bool $translateUriToCamelCase = false;
+}

app/Config/Security.php

@@ -0,0 +1,86 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class Security extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Protection Method
+     * --------------------------------------------------------------------------
+     *
+     * Protection Method for Cross Site Request Forgery protection.
+     *
+     * @var string|false 'cookie', 'session', or false
+     */
+    public string|false $csrfProtection = 'session';
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Token Randomization
+     * --------------------------------------------------------------------------
+     *
+     * Randomize the CSRF Token for added security.
+     */
+    public bool $tokenRandomize = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Token Name
+     * --------------------------------------------------------------------------
+     *
+     * Token name for Cross Site Request Forgery protection.
+     */
+    public string $tokenName = 'csrf_ospos_v4';
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Header Name
+     * --------------------------------------------------------------------------
+     *
+     * Header name for Cross Site Request Forgery protection.
+     */
+    public string $headerName = 'X-CSRF-TOKEN';
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Cookie Name
+     * --------------------------------------------------------------------------
+     *
+     * Cookie name for Cross Site Request Forgery protection.
+     */
+    public string $cookieName = 'csrf_cookie_ospos_v4';
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Expires
+     * --------------------------------------------------------------------------
+     *
+     * Expiration time for Cross Site Request Forgery protection cookie.
+     *
+     * Defaults to two hours (in seconds).
+     */
+    public int $expires = 7200;
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Regenerate
+     * --------------------------------------------------------------------------
+     *
+     * Regenerate CSRF Token on every submission.
+     */
+    public bool $regenerate = false;
+
+    /**
+     * --------------------------------------------------------------------------
+     * CSRF Redirect
+     * --------------------------------------------------------------------------
+     *
+     * Redirect to previous page with error on failure.
+     *
+     * @see https://codeigniter4.github.io/userguide/libraries/security.html#redirection-on-failure
+     */
+    public bool $redirect = (ENVIRONMENT === 'production');
+}

app/Config/Services.php

@@ -0,0 +1,76 @@
+<?php
+
+namespace Config;
+
+use Locale;
+use HTMLPurifier;
+use HTMLPurifier_Config;
+use CodeIgniter\Config\BaseService;
+use Config\Services as AppServices;
+use CodeIgniter\HTTP\IncomingRequest;
+
+/**
+ * Services Configuration file.
+ *
+ * Services are simply other classes/libraries that the system uses
+ * to do its job. This is used by CodeIgniter to allow the core of the
+ * framework to be swapped out easily without affecting the usage within
+ * the rest of your application.
+ *
+ * This file holds any application-specific services, or service overrides
+ * that you might need. An example has been included with the general
+ * method format you should use for your service methods. For more examples,
+ * see the core Services file at system/Config/Services.php.
+ */
+class Services extends BaseService
+{
+    /*
+     * public static function example($getShared = true)
+     * {
+     *     if ($getShared) {
+     *         return static::getSharedInstance('example');
+     *     }
+     *
+     *     return new \CodeIgniter\Example();
+     * }
+     */
+
+    /**
+     * Responsible for loading the language string translations.
+     *
+     * @return MY_Language
+     */
+    public static function language(?string $locale = null, bool $getShared = true)
+    {
+        if ($getShared) {
+            return static::getSharedInstance('language', $locale)->setLocale($locale);
+        }
+
+        if (AppServices::get('request') instanceof IncomingRequest) {
+            $requestLocale = AppServices::get('request')->getLocale();
+        } else {
+            $requestLocale = Locale::getDefault();
+        }
+
+        // Use '?:' for empty string check
+        $locale = $locale ?: $requestLocale;
+
+        return new \App\Libraries\MY_Language($locale);
+    }
+
+    private static $htmlPurifier;
+
+    public static function htmlPurifier($getShared = true)
+    {
+        if ($getShared) {
+            return static::getSharedInstance('htmlPurifier');
+        }
+
+        if (!isset(static::$htmlPurifier)) {
+            $config = HTMLPurifier_Config::createDefault();
+            static::$htmlPurifier = new HTMLPurifier($config);
+        }
+
+        return static::$htmlPurifier;
+    }
+}

app/Config/Session.php

@@ -0,0 +1,127 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Session\Handlers\BaseHandler;
+use CodeIgniter\Session\Handlers\DatabaseHandler;
+
+class Session extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Session Driver
+     * --------------------------------------------------------------------------
+     *
+     * The session storage driver to use:
+     * - `CodeIgniter\Session\Handlers\FileHandler`
+     * - `CodeIgniter\Session\Handlers\DatabaseHandler`
+     * - `CodeIgniter\Session\Handlers\MemcachedHandler`
+     * - `CodeIgniter\Session\Handlers\RedisHandler`
+     *
+     * @var class-string<BaseHandler>
+     */
+    public string $driver = DatabaseHandler::class;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Session Cookie Name
+     * --------------------------------------------------------------------------
+     *
+     * The session cookie name, must contain only [0-9a-z_-] characters
+     */
+    public string $cookieName = 'ospos_session';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Session Expiration
+     * --------------------------------------------------------------------------
+     *
+     * The number of SECONDS you want the session to last.
+     * Setting to 0 (zero) means expire when the browser is closed.
+     */
+    public int $expiration = 7200;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Session Save Path
+     * --------------------------------------------------------------------------
+     *
+     * The location to save sessions to and is driver dependent.
+     *
+     * For the 'files' driver, it's a path to a writable directory.
+     * WARNING: Only absolute paths are supported!
+     *
+     * For the 'database' driver, it's a table name.
+     * Please read up the manual for the format with other session drivers.
+     *
+     * IMPORTANT: You are REQUIRED to set a valid save path!
+     */
+    public string $savePath = 'sessions';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Session Match IP
+     * --------------------------------------------------------------------------
+     *
+     * Whether to match the user's IP address when reading the session data.
+     *
+     * WARNING: If you're using the database driver, don't forget to update
+     *          your session table's PRIMARY KEY when changing this setting.
+     */
+    public bool $matchIP = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Session Time to Update
+     * --------------------------------------------------------------------------
+     *
+     * How many seconds between CI regenerating the session ID.
+     */
+    public int $timeToUpdate = 300;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Session Regenerate Destroy
+     * --------------------------------------------------------------------------
+     *
+     * Whether to destroy session data associated with the old session ID
+     * when auto-regenerating the session ID. When set to FALSE, the data
+     * will be later deleted by the garbage collector.
+     */
+    public bool $regenerateDestroy = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Session Database Group
+     * --------------------------------------------------------------------------
+     *
+     * DB Group for the database session.
+     */
+    public ?string $DBGroup = null;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Lock Retry Interval (microseconds)
+     * --------------------------------------------------------------------------
+     *
+     * This is used for RedisHandler.
+     *
+     * Time (microseconds) to wait if lock cannot be acquired.
+     * The default is 100,000 microseconds (= 0.1 seconds).
+     */
+    public int $lockRetryInterval = 100_000;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Lock Max Retries
+     * --------------------------------------------------------------------------
+     *
+     * This is used for RedisHandler.
+     *
+     * Maximum number of lock acquisition attempts.
+     * The default is 300 times. That is lock timeout is about 30 (0.1 * 300)
+     * seconds.
+     */
+    public int $lockMaxRetries = 300;
+}

app/Config/Toolbar.php

@@ -0,0 +1,122 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Debug\Toolbar\Collectors\Database;
+use CodeIgniter\Debug\Toolbar\Collectors\Events;
+use CodeIgniter\Debug\Toolbar\Collectors\Files;
+use CodeIgniter\Debug\Toolbar\Collectors\Logs;
+use CodeIgniter\Debug\Toolbar\Collectors\Routes;
+use CodeIgniter\Debug\Toolbar\Collectors\Timers;
+use CodeIgniter\Debug\Toolbar\Collectors\Views;
+
+/**
+ * --------------------------------------------------------------------------
+ * Debug Toolbar
+ * --------------------------------------------------------------------------
+ *
+ * The Debug Toolbar provides a way to see information about the performance
+ * and state of your application during that page display. By default it will
+ * NOT be displayed under production environments, and will only display if
+ * `CI_DEBUG` is true, since if it's not, there's not much to display anyway.
+ */
+class Toolbar extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * Toolbar Collectors
+     * --------------------------------------------------------------------------
+     *
+     * List of toolbar collectors that will be called when Debug Toolbar
+     * fires up and collects data from.
+     *
+     * @var list<class-string>
+     */
+    public array $collectors = [
+        Timers::class,
+        Database::class,
+        Logs::class,
+        Views::class,
+        // \CodeIgniter\Debug\Toolbar\Collectors\Cache::class,
+        Files::class,
+        Routes::class,
+        Events::class,
+    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Collect Var Data
+     * --------------------------------------------------------------------------
+     *
+     * If set to false var data from the views will not be collected. Useful to
+     * avoid high memory usage when there are lots of data passed to the view.
+     */
+    public bool $collectVarData = true;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Max History
+     * --------------------------------------------------------------------------
+     *
+     * `$maxHistory` sets a limit on the number of past requests that are stored,
+     * helping to conserve file space used to store them. You can set it to
+     * 0 (zero) to not have any history stored, or -1 for unlimited history.
+     */
+    public int $maxHistory = 20;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Toolbar Views Path
+     * --------------------------------------------------------------------------
+     *
+     * The full path to the the views that are used by the toolbar.
+     * This MUST have a trailing slash.
+     */
+    public string $viewsPath = SYSTEMPATH . 'Debug/Toolbar/Views/';
+
+    /**
+     * --------------------------------------------------------------------------
+     * Max Queries
+     * --------------------------------------------------------------------------
+     *
+     * If the Database Collector is enabled, it will log every query that the
+     * the system generates so they can be displayed on the toolbar's timeline
+     * and in the query log. This can lead to memory issues in some instances
+     * with hundreds of queries.
+     *
+     * `$maxQueries` defines the maximum amount of queries that will be stored.
+     */
+    public int $maxQueries = 100;
+
+    /**
+     * --------------------------------------------------------------------------
+     * Watched Directories
+     * --------------------------------------------------------------------------
+     *
+     * Contains an array of directories that will be watched for changes and
+     * used to determine if the hot-reload feature should reload the page or not.
+     * We restrict the values to keep performance as high as possible.
+     *
+     * NOTE: The ROOTPATH will be prepended to all values.
+     *
+     * @var list<string>
+     */
+    public array $watchedDirectories = [
+        'app',
+    ];
+
+    /**
+     * --------------------------------------------------------------------------
+     * Watched File Extensions
+     * --------------------------------------------------------------------------
+     *
+     * Contains an array of file extensions that will be watched for changes and
+     * used to determine if the hot-reload feature should reload the page or not.
+     *
+     * @var list<string>
+     */
+    public array $watchedExtensions = [
+        'php', 'css', 'js', 'html', 'svg', 'json', 'env',
+    ];
+}

app/Config/UserAgents.php

@@ -0,0 +1,252 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+/**
+ * -------------------------------------------------------------------
+ * User Agents
+ * -------------------------------------------------------------------
+ *
+ * This file contains four arrays of user agent data. It is used by the
+ * User Agent Class to help identify browser, platform, robot, and
+ * mobile device data. The array keys are used to identify the device
+ * and the array values are used to set the actual name of the item.
+ */
+class UserAgents extends BaseConfig
+{
+    /**
+     * -------------------------------------------------------------------
+     * OS Platforms
+     * -------------------------------------------------------------------
+     *
+     * @var array<string, string>
+     */
+    public array $platforms = [
+        'windows nt 10.0' => 'Windows 10',
+        'windows nt 6.3'  => 'Windows 8.1',
+        'windows nt 6.2'  => 'Windows 8',
+        'windows nt 6.1'  => 'Windows 7',
+        'windows nt 6.0'  => 'Windows Vista',
+        'windows nt 5.2'  => 'Windows 2003',
+        'windows nt 5.1'  => 'Windows XP',
+        'windows nt 5.0'  => 'Windows 2000',
+        'windows nt 4.0'  => 'Windows NT 4.0',
+        'winnt4.0'        => 'Windows NT 4.0',
+        'winnt 4.0'       => 'Windows NT',
+        'winnt'           => 'Windows NT',
+        'windows 98'      => 'Windows 98',
+        'win98'           => 'Windows 98',
+        'windows 95'      => 'Windows 95',
+        'win95'           => 'Windows 95',
+        'windows phone'   => 'Windows Phone',
+        'windows'         => 'Unknown Windows OS',
+        'android'         => 'Android',
+        'blackberry'      => 'BlackBerry',
+        'iphone'          => 'iOS',
+        'ipad'            => 'iOS',
+        'ipod'            => 'iOS',
+        'os x'            => 'Mac OS X',
+        'ppc mac'         => 'Power PC Mac',
+        'freebsd'         => 'FreeBSD',
+        'ppc'             => 'Macintosh',
+        'linux'           => 'Linux',
+        'debian'          => 'Debian',
+        'sunos'           => 'Sun Solaris',
+        'beos'            => 'BeOS',
+        'apachebench'     => 'ApacheBench',
+        'aix'             => 'AIX',
+        'irix'            => 'Irix',
+        'osf'             => 'DEC OSF',
+        'hp-ux'           => 'HP-UX',
+        'netbsd'          => 'NetBSD',
+        'bsdi'            => 'BSDi',
+        'openbsd'         => 'OpenBSD',
+        'gnu'             => 'GNU/Linux',
+        'unix'            => 'Unknown Unix OS',
+        'symbian'         => 'Symbian OS',
+    ];
+
+    /**
+     * -------------------------------------------------------------------
+     * Browsers
+     * -------------------------------------------------------------------
+     *
+     * The order of this array should NOT be changed. Many browsers return
+     * multiple browser types so we want to identify the subtype first.
+     *
+     * @var array<string, string>
+     */
+    public array $browsers = [
+        'OPR'    => 'Opera',
+        'Flock'  => 'Flock',
+        'Edge'   => 'Spartan',
+        'Edg'    => 'Edge',
+        'Chrome' => 'Chrome',
+        // Opera 10+ always reports Opera/9.80 and appends Version/<real version> to the user agent string
+        'Opera.*?Version'   => 'Opera',
+        'Opera'             => 'Opera',
+        'MSIE'              => 'Internet Explorer',
+        'Internet Explorer' => 'Internet Explorer',
+        'Trident.* rv'      => 'Internet Explorer',
+        'Shiira'            => 'Shiira',
+        'Firefox'           => 'Firefox',
+        'Chimera'           => 'Chimera',
+        'Phoenix'           => 'Phoenix',
+        'Firebird'          => 'Firebird',
+        'Camino'            => 'Camino',
+        'Netscape'          => 'Netscape',
+        'OmniWeb'           => 'OmniWeb',
+        'Safari'            => 'Safari',
+        'Mozilla'           => 'Mozilla',
+        'Konqueror'         => 'Konqueror',
+        'icab'              => 'iCab',
+        'Lynx'              => 'Lynx',
+        'Links'             => 'Links',
+        'hotjava'           => 'HotJava',
+        'amaya'             => 'Amaya',
+        'IBrowse'           => 'IBrowse',
+        'Maxthon'           => 'Maxthon',
+        'Ubuntu'            => 'Ubuntu Web Browser',
+        'Vivaldi'           => 'Vivaldi',
+    ];
+
+    /**
+     * -------------------------------------------------------------------
+     * Mobiles
+     * -------------------------------------------------------------------
+     *
+     * @var array<string, string>
+     */
+    public array $mobiles = [
+        // legacy array, old values commented out
+        'mobileexplorer' => 'Mobile Explorer',
+        // 'openwave'             => 'Open Wave',
+        // 'opera mini'           => 'Opera Mini',
+        // 'operamini'            => 'Opera Mini',
+        // 'elaine'               => 'Palm',
+        'palmsource' => 'Palm',
+        // 'digital paths'        => 'Palm',
+        // 'avantgo'              => 'Avantgo',
+        // 'xiino'                => 'Xiino',
+        'palmscape' => 'Palmscape',
+        // 'nokia'                => 'Nokia',
+        // 'ericsson'             => 'Ericsson',
+        // 'blackberry'           => 'BlackBerry',
+        // 'motorola'             => 'Motorola'
+
+        // Phones and Manufacturers
+        'motorola'             => 'Motorola',
+        'nokia'                => 'Nokia',
+        'palm'                 => 'Palm',
+        'iphone'               => 'Apple iPhone',
+        'ipad'                 => 'iPad',
+        'ipod'                 => 'Apple iPod Touch',
+        'sony'                 => 'Sony Ericsson',
+        'ericsson'             => 'Sony Ericsson',
+        'blackberry'           => 'BlackBerry',
+        'cocoon'               => 'O2 Cocoon',
+        'blazer'               => 'Treo',
+        'lg'                   => 'LG',
+        'amoi'                 => 'Amoi',
+        'xda'                  => 'XDA',
+        'mda'                  => 'MDA',
+        'vario'                => 'Vario',
+        'htc'                  => 'HTC',
+        'samsung'              => 'Samsung',
+        'sharp'                => 'Sharp',
+        'sie-'                 => 'Siemens',
+        'alcatel'              => 'Alcatel',
+        'benq'                 => 'BenQ',
+        'ipaq'                 => 'HP iPaq',
+        'mot-'                 => 'Motorola',
+        'playstation portable' => 'PlayStation Portable',
+        'playstation 3'        => 'PlayStation 3',
+        'playstation vita'     => 'PlayStation Vita',
+        'hiptop'               => 'Danger Hiptop',
+        'nec-'                 => 'NEC',
+        'panasonic'            => 'Panasonic',
+        'philips'              => 'Philips',
+        'sagem'                => 'Sagem',
+        'sanyo'                => 'Sanyo',
+        'spv'                  => 'SPV',
+        'zte'                  => 'ZTE',
+        'sendo'                => 'Sendo',
+        'nintendo dsi'         => 'Nintendo DSi',
+        'nintendo ds'          => 'Nintendo DS',
+        'nintendo 3ds'         => 'Nintendo 3DS',
+        'wii'                  => 'Nintendo Wii',
+        'open web'             => 'Open Web',
+        'openweb'              => 'OpenWeb',
+
+        // Operating Systems
+        'android'    => 'Android',
+        'symbian'    => 'Symbian',
+        'SymbianOS'  => 'SymbianOS',
+        'elaine'     => 'Palm',
+        'series60'   => 'Symbian S60',
+        'windows ce' => 'Windows CE',
+
+        // Browsers
+        'obigo'         => 'Obigo',
+        'netfront'      => 'Netfront Browser',
+        'openwave'      => 'Openwave Browser',
+        'mobilexplorer' => 'Mobile Explorer',
+        'operamini'     => 'Opera Mini',
+        'opera mini'    => 'Opera Mini',
+        'opera mobi'    => 'Opera Mobile',
+        'fennec'        => 'Firefox Mobile',
+
+        // Other
+        'digital paths' => 'Digital Paths',
+        'avantgo'       => 'AvantGo',
+        'xiino'         => 'Xiino',
+        'novarra'       => 'Novarra Transcoder',
+        'vodafone'      => 'Vodafone',
+        'docomo'        => 'NTT DoCoMo',
+        'o2'            => 'O2',
+
+        // Fallback
+        'mobile'     => 'Generic Mobile',
+        'wireless'   => 'Generic Mobile',
+        'j2me'       => 'Generic Mobile',
+        'midp'       => 'Generic Mobile',
+        'cldc'       => 'Generic Mobile',
+        'up.link'    => 'Generic Mobile',
+        'up.browser' => 'Generic Mobile',
+        'smartphone' => 'Generic Mobile',
+        'cellphone'  => 'Generic Mobile',
+    ];
+
+    /**
+     * -------------------------------------------------------------------
+     * Robots
+     * -------------------------------------------------------------------
+     *
+     * There are hundred of bots but these are the most common.
+     *
+     * @var array<string, string>
+     */
+    public array $robots = [
+        'googlebot'            => 'Googlebot',
+        'msnbot'               => 'MSNBot',
+        'baiduspider'          => 'Baiduspider',
+        'bingbot'              => 'Bing',
+        'slurp'                => 'Inktomi Slurp',
+        'yahoo'                => 'Yahoo',
+        'ask jeeves'           => 'Ask Jeeves',
+        'fastcrawler'          => 'FastCrawler',
+        'infoseek'             => 'InfoSeek Robot 1.0',
+        'lycos'                => 'Lycos',
+        'yandex'               => 'YandexBot',
+        'mediapartners-google' => 'MediaPartners Google',
+        'CRAZYWEBCRAWLER'      => 'Crazy Webcrawler',
+        'adsbot-google'        => 'AdsBot Google',
+        'feedfetcher-google'   => 'Feedfetcher Google',
+        'curious george'       => 'Curious George',
+        'ia_archiver'          => 'Alexa Crawler',
+        'MJ12bot'              => 'Majestic-12',
+        'Uptimebot'            => 'Uptimebot',
+    ];
+}

app/Config/Validation.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Validation\StrictRules\CreditCardRules;
+use CodeIgniter\Validation\StrictRules\FileRules;
+use CodeIgniter\Validation\StrictRules\FormatRules;
+use CodeIgniter\Validation\StrictRules\Rules;
+use App\Config\Validation\OSPOSRules;
+
+class Validation extends BaseConfig
+{
+    // --------------------------------------------------------------------
+    // Setup
+    // --------------------------------------------------------------------
+
+    /**
+     * Stores the classes that contain the
+     * rules that are available.
+     *
+     * @var list<string>
+     */
+    public array $ruleSets = [
+        Rules::class,
+        FormatRules::class,
+        FileRules::class,
+        CreditCardRules::class,
+        OSPOSRules::class,
+    ];
+
+    /**
+     * Specifies the views that are used to display the
+     * errors.
+     *
+     * @var array<string, string>
+     */
+    public array $templates = [
+        'list'   => 'CodeIgniter\Validation\Views\list',
+        'single' => 'CodeIgniter\Validation\Views\single',
+    ];
+
+    // --------------------------------------------------------------------
+    // Rules
+    // --------------------------------------------------------------------
+}

app/Config/Validation/OSPOSRules.php

@@ -0,0 +1,138 @@
+<?php
+
+namespace App\Config\Validation;
+
+use App\Models\Employee;
+use CodeIgniter\HTTP\IncomingRequest;
+use Config\OSPOS;
+use Config\Services;
+
+/**
+ * @property Employee employee
+ * @property IncomingRequest request
+ */
+class OSPOSRules
+{
+    private IncomingRequest $request;
+    private array $config;
+
+    /**
+     * Validates the username and password sent to the login view. User is logged in on successful validation.
+     *
+     * @param string $username Username to check against.
+     * @param string $fields Comma separated string of the fields for validation.
+     * @param array $data Data sent to the view.
+     * @param string|null $error The error sent back to the validation handler on failure.
+     * @return bool True if validation passes or false if there are errors.
+     * @noinspection PhpUnused
+     */
+    public function login_check(string $username, string $fields, array $data, ?string &$error = null): bool
+    {
+        $employee = model(Employee::class);
+        $this->request = Services::request();
+        $this->config = config(OSPOS::class)->settings;
+
+        // Installation Check
+        if (!$this->installation_check()) {
+            $error = lang('Login.invalid_installation');
+
+            return false;
+        }
+
+        $password = $data['password'];
+        if (!$employee->login($username, $password)) {
+            $error = lang('Login.invalid_username_and_password');
+
+            return false;
+        }
+
+        $gcaptcha_enabled = array_key_exists('gcaptcha_enable', $this->config) && $this->config['gcaptcha_enable'];
+        if ($gcaptcha_enabled) {
+            $g_recaptcha_response = $this->request->getPost('g-recaptcha-response');
+
+            if (!$this->gcaptcha_check($g_recaptcha_response)) {
+                $error = lang('Login.invalid_gcaptcha');
+
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Checks to see if GCaptcha verification was successful.
+     *
+     * @param $response
+     * @return bool true on successful GCaptcha verification or false if GCaptcha failed.
+     */
+    private function gcaptcha_check($response): bool
+    {
+        if (!empty($response)) {
+            $check = [
+                'secret'   => $this->config['gcaptcha_secret_key'],
+                'response' => $response,
+                'remoteip' => $this->request->getIPAddress()
+            ];
+
+            $ch = curl_init();
+
+            curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
+            curl_setopt($ch, CURLOPT_POST, true);
+            curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($check));
+            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+            $result = curl_exec($ch);
+
+            curl_close($ch);
+
+            $status = json_decode($result, true);
+
+            if (!empty($status['success'])) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Checks to make sure dependency PHP extensions are installed
+     *
+     * @return bool
+     */
+    private function installation_check(): bool
+    {
+        $installed_extensions = implode(', ', get_loaded_extensions());
+        $required_extensions = ['bcmath', 'intl', 'gd', 'openssl', 'mbstring', 'curl', 'xml', 'json'];
+        $pattern = '/';
+
+        foreach ($required_extensions as $extension) {
+            $pattern .= '(?=.*\b' . preg_quote($extension, '/') . '\b)';
+        }
+
+        $pattern .= '/i';
+        $is_installed = preg_match($pattern, $installed_extensions);
+
+        if (!$is_installed) {
+            log_message('error', '[ERROR] Check your php.ini.');
+            log_message('error', "PHP installed extensions: $installed_extensions");
+            log_message('error', 'PHP required extensions: ' . implode(', ', $required_extensions));
+        }
+
+        return $is_installed;
+    }
+
+    /**
+     * Validates the candidate as a decimal number. Takes the locale into account. Used in validation rule calls.
+     *
+     * @param string $candidate
+     * @param string|null $error
+     * @return bool
+     * @noinspection PhpUnused
+     */
+    public function decimal_locale(string $candidate, ?string &$error = null): bool
+    {
+        return parse_decimals($candidate) !== false;
+    }
+}

app/Config/View.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\View as BaseView;
+use CodeIgniter\View\ViewDecoratorInterface;
+
+/**
+ * @phpstan-type parser_callable (callable(mixed): mixed)
+ * @phpstan-type parser_callable_string (callable(mixed): mixed)&string
+ */
+class View extends BaseView
+{
+    /**
+     * When false, the view method will clear the data between each
+     * call. This keeps your data safe and ensures there is no accidental
+     * leaking between calls, so you would need to explicitly pass the data
+     * to each view. You might prefer to have the data stick around between
+     * calls so that it is available to all views. If that is the case,
+     * set $saveData to true.
+     *
+     * @var bool
+     */
+    public $saveData = true;
+
+    /**
+     * Parser Filters map a filter name with any PHP callable. When the
+     * Parser prepares a variable for display, it will chain it
+     * through the filters in the order defined, inserting any parameters.
+     * To prevent potential abuse, all filters MUST be defined here
+     * in order for them to be available for use within the Parser.
+     *
+     * Examples:
+     *  { title|esc(js) }
+     *  { created_on|date(Y-m-d)|esc(attr) }
+     *
+     * @var         array<string, string>
+     * @phpstan-var array<string, parser_callable_string>
+     */
+    public $filters = [];
+
+    /**
+     * Parser Plugins provide a way to extend the functionality provided
+     * by the core Parser by creating aliases that will be replaced with
+     * any callable. Can be single or tag pair.
+     *
+     * @var         array<string, callable|list<string>|string>
+     * @phpstan-var array<string, list<parser_callable_string>|parser_callable_string|parser_callable>
+     */
+    public $plugins = [];
+
+    /**
+     * View Decorators are class methods that will be run in sequence to
+     * have a chance to alter the generated output just prior to caching
+     * the results.
+     *
+     * All classes must implement CodeIgniter\View\ViewDecoratorInterface
+     *
+     * @var list<class-string<ViewDecoratorInterface>>
+     */
+    public array $decorators = [];
+}

app/Controllers/Attributes.php

@@ -0,0 +1,234 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Models\Attribute;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
+
+require_once('Secure_Controller.php');
+
+/**
+ * Attributes controls the custom attributes assigned to items
+ **/
+class Attributes extends Secure_Controller
+{
+    private Attribute $attribute;
+
+    public function __construct()
+    {
+        parent::__construct('attributes');
+
+        $this->attribute = model(Attribute::class);
+    }
+
+    /**
+     * Gets and sends the main view for Attributes to the browser.
+     *
+     * @return string
+     **/
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_attribute_definition_manage_table_headers();
+
+        return view('attributes/manage', $data);
+    }
+
+    /**
+     * Returns attribute table data rows. This will be called with AJAX.
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(attribute_definition_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'definition_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        $attributes = $this->attribute->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->attribute->get_found_rows($search);
+
+        $data_rows = [];
+        foreach ($attributes->getResult() as $attribute_row) {
+            $attribute_row->definition_flags = $this->get_attributes($attribute_row->definition_flags);
+            $data_rows[] = get_attribute_definition_data_row($attribute_row);
+        }
+
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
+
+    /**
+     * AJAX called function which saves the attribute value sent via POST by using the model save function.
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveAttributeValue(): ResponseInterface
+    {
+        $success = $this->attribute->saveAttributeValue(
+            html_entity_decode($this->request->getPost('attribute_value')),
+            $this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT),
+            $this->request->getPost('item_id', FILTER_SANITIZE_NUMBER_INT) ?? false,
+            $this->request->getPost('attribute_id', FILTER_SANITIZE_NUMBER_INT) ?? false
+        );
+
+        return $this->response->setJSON(['success' => $success != 0]);
+    }
+
+    /**
+     * AJAX called function deleting an attribute value using the model delete function.
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postDeleteDropdownAttributeValue(): ResponseInterface
+    {
+        $success = $this->attribute->deleteDropdownAttributeValue(
+            html_entity_decode($this->request->getPost('attribute_value')),
+            $this->request->getPost('definition_id', FILTER_SANITIZE_NUMBER_INT)
+        );
+
+        return $this->response->setJSON(['success' => $success]);
+    }
+
+    /**
+     * AJAX called function which saves the attribute definition.
+     *
+     * @param int $definition_id
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveDefinition(int $definition_id = NO_DEFINITION_ID): ResponseInterface
+    {
+        $definition_flags = 0;
+
+        $flags = (empty($this->request->getPost('definition_flags'))) ? [] : $this->request->getPost('definition_flags', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        foreach ($flags as $flag) {
+            $definition_flags |= $flag;
+        }
+
+        // Save definition data
+        $definition_data = [
+            'definition_name'  => $this->request->getPost('definition_name'),
+            'definition_unit'  => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit') : null,
+            'definition_flags' => $definition_flags,
+            'definition_fk'    => $this->request->getPost('definition_group') != '' ? $this->request->getPost('definition_group') : null
+        ];
+
+        if ($this->request->getPost('definition_type') != null) {
+            $definition_data['definition_type'] = DEFINITION_TYPES[$this->request->getPost('definition_type')];
+        }
+
+        $definition_name = $definition_data['definition_name'];
+
+        if ($this->attribute->save_definition($definition_data, $definition_id)) {
+            // New definition
+            if ($definition_id == NO_DEFINITION_ID) {
+                $definition_values = json_decode(html_entity_decode($this->request->getPost('definition_values')));
+
+                foreach ($definition_values as $definition_value) {
+                    $this->attribute->saveAttributeValue($definition_value, $definition_data['definition_id']);
+                }
+
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Attributes.definition_successful_adding') . ' ' . $definition_name,
+                    'id'      => $definition_data['definition_id']
+                ]);
+            } else { // Existing definition
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Attributes.definition_successful_updating') . ' ' . $definition_name,
+                    'id'      => $definition_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Attributes.definition_error_adding_updating', [$definition_name]),
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
+
+    /**
+     *
+     * @param int $definition_id
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function getSuggestAttribute(int $definition_id): ResponseInterface
+    {
+        $suggestions = $this->attribute->get_suggestions($definition_id, html_entity_decode($this->request->getGet('term')));
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $attribute_definition_info = $this->attribute->getAttributeInfo($row_id);
+        $attribute_definition_info->definition_flags = $this->get_attributes($attribute_definition_info->definition_flags);
+        $data_row = get_attribute_definition_data_row($attribute_definition_info);
+
+        return $this->response->setJSON($data_row);
+    }
+
+    /**
+     * @param int $definition_flags
+     * @return array
+     */
+    private function get_attributes(int $definition_flags = 0): array
+    {
+        $definition_flag_names = [];
+        foreach (Attribute::get_definition_flags() as $id => $term) {
+            if ($id & $definition_flags) {
+                $definition_flag_names[$id] = lang('Attributes.' . strtolower($term) . '_visibility');
+            }
+        }
+        return $definition_flag_names;
+    }
+
+    /**
+     * @param int $definition_id
+     * @return string
+     */
+    public function getView(int $definition_id = NO_DEFINITION_ID): string
+    {
+        $info = $this->attribute->getAttributeInfo($definition_id);
+        foreach (get_object_vars($info) as $property => $value) {
+            $info->$property = $value;
+        }
+
+        $data['definition_id'] = $definition_id;
+        $data['definition_values'] = $this->attribute->get_definition_values($definition_id);
+        $data['definition_group'] = $this->attribute->get_definitions_by_type(GROUP, $definition_id);
+        $data['definition_group'][''] = lang('Common.none_selected_text');
+        $data['definition_info'] = $info;
+
+        $show_all = Attribute::SHOW_IN_ITEMS | Attribute::SHOW_IN_RECEIVINGS | Attribute::SHOW_IN_SALES;
+        $data['definition_flags'] = $this->get_attributes($show_all);
+        $selected_flags = $info->definition_flags === '' ? $show_all : $info->definition_flags;
+        $data['selected_definition_flags'] = $this->get_attributes($selected_flags);
+
+        return view('attributes/form', $data);
+    }
+
+    /**
+     * Deletes an attribute definition
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $attributes_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if($this->attribute->deleteDefinitionList($attributes_to_delete)) {
+            $message = lang('Attributes.definition_successful_deleted') . ' ' . count($attributes_to_delete) . ' ' . lang('Attributes.definition_one_or_multiple');
+            return $this->response->setJSON(['success' => true, 'message' => $message]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Attributes.definition_cannot_be_deleted')]);
+        }
+    }
+}

app/Controllers/BaseController.php

@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Controllers;
+
+use CodeIgniter\Controller;
+use CodeIgniter\HTTP\CLIRequest;
+use CodeIgniter\HTTP\IncomingRequest;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\ResponseInterface;
+use Psr\Log\LoggerInterface;
+
+/**
+ * Class BaseController
+ *
+ * BaseController provides a convenient place for loading components
+ * and performing functions that are needed by all your controllers.
+ * Extend this class in any new controllers:
+ *     class Home extends BaseController
+ *
+ * For security be sure to declare any new methods as protected or private.
+ */
+abstract class BaseController extends Controller
+{
+    /**
+     * Instance of the main Request object.
+     *
+     * @var CLIRequest|IncomingRequest
+     */
+    protected $request;
+
+    /**
+     * An array of helpers to be loaded automatically upon
+     * class instantiation. These helpers will be available
+     * to all other controllers that extend BaseController.
+     *
+     * @var list<string>
+     */
+    protected $helpers = [];
+
+    /**
+     * Be sure to declare properties for any property fetch you initialized.
+     * The creation of dynamic property is deprecated in PHP 8.2.
+     */
+    // protected $session;
+
+    /**
+     * @return void
+     */
+    public function initController(RequestInterface $request, ResponseInterface $response, LoggerInterface $logger)
+    {
+        // Do Not Edit This Line
+        parent::initController($request, $response, $logger);
+
+        // Preload any models, libraries, etc, here.
+
+        // E.g.: $this->session = service('session');
+    }
+}

app/Controllers/Cashups.php

@@ -0,0 +1,281 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Models\Cashup;
+use App\Models\Expense;
+use App\Models\Reports\Summary_payments;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\OSPOS;
+use Config\Services;
+
+class Cashups extends Secure_Controller
+{
+    private Cashup $cashup;
+    private Expense $expense;
+    private Summary_payments $summary_payments;
+    private array $config;
+
+    public function __construct()
+    {
+        parent::__construct('cashups');
+
+        $this->cashup = model(Cashup::class);
+        $this->expense = model(Expense::class);
+        $this->summary_payments = model(Summary_payments::class);
+        $this->config = config(OSPOS::class)->settings;
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_cashups_manage_table_headers();
+
+        // filters that will be loaded in the multiselect dropdown
+        $data['filters'] = ['is_deleted' => lang('Cashups.is_deleted')];
+
+        return view('cashups/manage', $data);
+    }
+
+    /**
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort = $this->sanitizeSortColumn(cashup_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'cashup_id');
+        $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $filters = [
+            'start_date' => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),    // TODO: Is this the best way to filter dates
+            'end_date'   => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'is_deleted' => false
+        ];
+
+        // Check if any filter is set in the multiselect dropdown
+        $request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
+        $filters = array_merge($filters, $request_filters);
+        $cash_ups = $this->cashup->search($search, $filters, $limit, $offset, $sort, $order);
+        $total_rows = $this->cashup->get_found_rows($search, $filters);
+        $data_rows = [];
+        foreach ($cash_ups->getResult() as $cash_up) {
+            $data_rows[] = get_cash_up_data_row($cash_up);
+        }
+
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
+
+    /**
+     * @param int $cashup_id
+     * @return string
+     */
+    public function getView(int $cashup_id = NEW_ENTRY): string
+    {
+        $data = [];
+
+        $data['employees'] = [];
+        foreach ($this->employee->get_all()->getResult() as $employee) {
+            foreach (get_object_vars($employee) as $property => $value) {
+                $employee->$property = $value;
+            }
+
+            $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+        }
+
+        $cash_ups_info = $this->cashup->get_info($cashup_id);
+
+        foreach (get_object_vars($cash_ups_info) as $property => $value) {
+            $cash_ups_info->$property = $value;
+        }
+
+        // Open cashup
+        if ($cash_ups_info->cashup_id == NEW_ENTRY) {
+            $cash_ups_info->open_date = date('Y-m-d H:i:s');
+            $cash_ups_info->close_date = $cash_ups_info->open_date;
+            $cash_ups_info->open_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+            $cash_ups_info->close_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        }
+        // If all the amounts are null or 0 that means it's a close cashup
+        elseif (
+            floatval($cash_ups_info->closed_amount_cash) == 0
+            && floatval($cash_ups_info->closed_amount_due) == 0
+            && floatval($cash_ups_info->closed_amount_card) == 0
+            && floatval($cash_ups_info->closed_amount_check) == 0
+        ) {
+            // Set the close date and time to the actual as this is a close session
+            $cash_ups_info->close_date = date('Y-m-d H:i:s');
+
+            // The closed amount starts with the open amount -/+ any trasferred amount
+            $cash_ups_info->closed_amount_cash = $cash_ups_info->open_amount_cash + $cash_ups_info->transfer_amount_cash;
+
+            // If it's date mode only and not date & time truncate the open and end date to date only
+            if (empty($this->config['date_or_time_format'])) {
+                if ($cash_ups_info->open_date != null) {
+                    $start_date = substr($cash_ups_info->open_date, 0, 10);
+                } else {
+                    $start_date = null;
+                }
+                if ($cash_ups_info->close_date != null) {
+                    $end_date = substr($cash_ups_info->close_date, 0, 10);
+                } else {
+                    $end_date = null;
+                }
+                // Search for all the payments given the time range
+                $inputs = [
+                    'start_date'  => $start_date,
+                    'end_date'    => $end_date,
+                    'sale_type'   => 'complete',
+                    'location_id' => 'all'
+                ];
+            } else {
+                // Search for all the payments given the time range
+                $inputs = [
+                    'start_date'  => $cash_ups_info->open_date,
+                    'end_date'    => $cash_ups_info->close_date,
+                    'sale_type'   => 'complete',
+                    'location_id' => 'all'
+                ];
+            }
+
+            // Get all the transactions payment summaries
+            $reports_data = $this->summary_payments->getData($inputs);
+
+            foreach ($reports_data as $row) {
+                if ($row['trans_group'] == lang('Reports.trans_payments')) {
+                    if ($row['trans_type'] == lang('Sales.cash')) {
+                        $cash_ups_info->closed_amount_cash += $row['trans_amount'];
+                    } elseif ($row['trans_type'] == lang('Sales.due')) {
+                        $cash_ups_info->closed_amount_due += $row['trans_amount'];
+                    } elseif (
+                        $row['trans_type'] == lang('Sales.debit') ||
+                        $row['trans_type'] == lang('Sales.credit')
+                    ) {
+                        $cash_ups_info->closed_amount_card += $row['trans_amount'];
+                    } elseif ($row['trans_type'] == lang('Sales.check')) {
+                        $cash_ups_info->closed_amount_check += $row['trans_amount'];
+                    }
+                }
+            }
+
+            // Lookup expenses paid in cash
+            $filters = [
+                'only_cash'   => true,
+                'only_due'    => false,
+                'only_check'  => false,
+                'only_credit' => false,
+                'only_debit'  => false,
+                'is_deleted'  => false
+            ];
+
+            $payments = $this->expense->get_payments_summary('', array_merge($inputs, $filters));
+
+            foreach ($payments as $row) {
+                $cash_ups_info->closed_amount_cash -= $row['amount'];
+            }
+
+            $cash_ups_info->closed_amount_total = $this->_calculate_total($cash_ups_info->open_amount_cash, $cash_ups_info->transfer_amount_cash, $cash_ups_info->closed_amount_cash, $cash_ups_info->closed_amount_due, $cash_ups_info->closed_amount_card, $cash_ups_info->closed_amount_check);
+        }
+
+        $data['cash_ups_info'] = $cash_ups_info;
+
+        return view("cashups/form", $data);
+    }
+
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $cash_ups_info = $this->cashup->get_info($row_id);
+        $data_row = get_cash_up_data_row($cash_ups_info);
+
+        return $this->response->setJSON($data_row);
+    }
+
+    /**
+     * @param int $cashup_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $cashup_id = NEW_ENTRY): ResponseInterface
+    {
+        $open_date = $this->request->getPost('open_date');
+        $open_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $open_date);
+
+        $close_date = $this->request->getPost('close_date');
+        $close_date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $close_date);
+
+        $cash_up_data = [
+            'open_date'            => $open_date_formatter->format('Y-m-d H:i:s'),
+            'close_date'           => $close_date_formatter->format('Y-m-d H:i:s'),
+            'open_amount_cash'     => parse_decimals($this->request->getPost('open_amount_cash')),
+            'transfer_amount_cash' => parse_decimals($this->request->getPost('transfer_amount_cash')),
+            'closed_amount_cash'   => parse_decimals($this->request->getPost('closed_amount_cash')),
+            'closed_amount_due'    => parse_decimals($this->request->getPost('closed_amount_due')),
+            'closed_amount_card'   => parse_decimals($this->request->getPost('closed_amount_card')),
+            'closed_amount_check'  => parse_decimals($this->request->getPost('closed_amount_check')),
+            'closed_amount_total'  => parse_decimals($this->request->getPost('closed_amount_total')),
+            'note'                 => $this->request->getPost('note') != null,
+            'description'          => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'open_employee_id'     => $this->request->getPost('open_employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'close_employee_id'    => $this->request->getPost('close_employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'deleted'              => $this->request->getPost('deleted') != null
+        ];
+
+        if ($this->cashup->save_value($cash_up_data, $cashup_id)) {
+            // New cashup_id
+            if ($cashup_id == NEW_ENTRY) {
+                return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_adding'), 'id' => $cash_up_data['cashup_id']]);
+            } else { // Existing Cashup
+                return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_updating'), 'id' => $cashup_id]);
+            }
+        } else { // Failure
+            return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.error_adding_updating'), 'id' => NEW_ENTRY]);
+        }
+    }
+
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $cash_ups_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if ($this->cashup->delete_list($cash_ups_to_delete)) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Cashups.successful_deleted') . ' ' . count($cash_ups_to_delete) . ' ' . lang('Cashups.one_or_multiple'), 'ids' => $cash_ups_to_delete]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Cashups.cannot_be_deleted'), 'ids' => $cash_ups_to_delete]);
+        }
+    }
+
+    /**
+     * Calculate the total for cashups. Used in app\Views\cashups\form.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postAjax_cashup_total(): ResponseInterface
+    {
+        $open_amount_cash = parse_decimals($this->request->getPost('open_amount_cash'));
+        $transfer_amount_cash = parse_decimals($this->request->getPost('transfer_amount_cash'));
+        $closed_amount_cash = parse_decimals($this->request->getPost('closed_amount_cash'));
+        $closed_amount_due = parse_decimals($this->request->getPost('closed_amount_due'));
+        $closed_amount_card = parse_decimals($this->request->getPost('closed_amount_card'));
+        $closed_amount_check = parse_decimals($this->request->getPost('closed_amount_check'));
+
+        $total = $this->_calculate_total($open_amount_cash, $transfer_amount_cash, $closed_amount_due, $closed_amount_cash, $closed_amount_card, $closed_amount_check);    // TODO: hungarian notation
+
+        return $this->response->setJSON(['total' => to_currency_no_money($total)]);
+    }
+
+    /**
+     * Calculate total
+     */
+    private function _calculate_total(float $open_amount_cash, float $transfer_amount_cash, float $closed_amount_due, float $closed_amount_cash, float $closed_amount_card, $closed_amount_check): float    // TODO: need to get rid of hungarian notation here. Also, the signature is pretty long.  Perhaps they need to go into an object or array?
+    {
+        return ($closed_amount_cash - $open_amount_cash - $transfer_amount_cash + $closed_amount_due + $closed_amount_card + $closed_amount_check);
+    }
+}

app/Controllers/Config.php

@@ -0,0 +1,979 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Libraries\Barcode_lib;
+use App\Libraries\Mailchimp_lib;
+use App\Libraries\Receiving_lib;
+use App\Libraries\Sale_lib;
+use App\Libraries\Tax_lib;
+use App\Models\Appconfig;
+use App\Models\Attribute;
+use App\Models\Customer_rewards;
+use App\Models\Dinner_table;
+use App\Models\Module;
+use App\Models\Enums\Rounding_mode;
+use App\Models\Stock_location;
+use App\Models\Tax;
+use CodeIgniter\Database\BaseConnection;
+use CodeIgniter\Encryption\EncrypterInterface;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Database;
+use Config\OSPOS;
+use Config\Services;
+use DirectoryIterator;
+use NumberFormatter;
+use ReflectionException;
+
+class Config extends Secure_Controller
+{
+    protected $helpers = ['security'];
+    private BaseConnection $db;
+    private EncrypterInterface $encrypter;
+    private Barcode_lib $barcode_lib;
+    private Sale_lib $sale_lib;
+    private Receiving_lib $receiving_lib;
+    private Tax_lib $tax_lib;
+    private Appconfig $appconfig;
+    private Attribute $attribute;
+    private Customer_rewards $customer_rewards;
+    private Dinner_table $dinner_table;
+    protected Module $module;
+    private Stock_location $stock_location;
+    private Tax $tax;
+    private array $config;
+
+
+    public function __construct()
+    {
+        parent::__construct('config');
+
+        $this->barcode_lib = new Barcode_lib();
+        $this->sale_lib = new Sale_lib();
+        $this->receiving_lib = new receiving_lib();
+        $this->tax_lib = new Tax_lib();
+        $this->appconfig = model(Appconfig::class);
+        $this->attribute = model(Attribute::class);
+        $this->customer_rewards = model(Customer_rewards::class);
+        $this->dinner_table = model(Dinner_table::class);
+        $this->module = model(Module::class);
+        $this->stock_location = model(Stock_location::class);
+        $this->tax = model(Tax::class);
+        $this->config = config(OSPOS::class)->settings;
+        $this->db = Database::connect();
+
+        helper('security');
+        if (check_encryption()) {
+            $this->encrypter = Services::encrypter();
+        } else {
+            log_message('alert', 'Error preparing encryption key');
+        }
+    }
+
+    /**
+     * This function loads all the licenses starting with the first one being OSPOS one
+     */
+    private function _licenses(): array    // TODO: remove hungarian notation.  Super long function.  Perhaps we need to refactor out functions?
+    {
+        $i = 0;
+        $composer = false;
+        $npmProd = false;
+        $npmDev = false;
+        $license = [];
+
+        $license[$i]['title'] = 'Open Source Point Of Sale ' . config('App')->application_version;
+
+        if (file_exists('license/LICENSE')) {
+            $license[$i]['text'] = file_get_contents('license/LICENSE', false, null, 0, 3000);
+        } else {
+            $license[$i]['text'] = 'LICENSE file must be in OSPOS license directory. You are not allowed to use OSPOS application until the distribution copy of LICENSE file is present.';
+        }
+
+        $dir = new DirectoryIterator('license');    // Read all the files in the dir license
+
+        foreach ($dir as $fileinfo) {    // TODO: $fileinfo doesn't match our variable naming convention
+            // License files must be in couples: .version (name & version) & .license (license text)
+            if ($fileinfo->isFile()) {
+                if ($fileinfo->getExtension() == 'version') {
+                    ++$i;
+
+                    $basename = 'license/' . $fileinfo->getBasename('.version');
+
+                    $license[$i]['title'] = file_get_contents($basename . '.version', false, null, 0, 100);
+
+                    $license_text_file = $basename . '.license';
+
+                    if (file_exists($license_text_file)) {
+                        $license[$i]['text'] = file_get_contents($license_text_file, false, null, 0, 2000);
+                    } else {
+                        $license[$i]['text'] = $license_text_file . ' file is missing';
+                    }
+                } elseif ($fileinfo->getBasename() == 'composer.LICENSES') {
+                    // Set a flag to indicate that the composer.LICENSES file is available and needs to be attached at the end
+                    $composer = true;
+                } elseif ($fileinfo->getBasename() == 'npm-prod.LICENSES') {
+                    // Set a flag to indicate that the npm-prod.LICENSES file is available and needs to be attached at the end
+                    $npmProd = true;
+                } elseif ($fileinfo->getBasename() == 'npm-dev.LICENSES') {
+                    // Set a flag to indicate that the npm-dev.LICENSES file is available and needs to be attached at the end
+                    $npmDev = true;
+                }
+            }
+        }
+
+        // Attach the licenses from the LICENSES file generated by Composer
+        if ($composer) {
+            ++$i;
+            $license[$i]['title'] = 'Composer Libraries';
+            $license[$i]['text'] = '';
+
+            $file = file_get_contents('license/composer.LICENSES');
+            $array = json_decode($file, true);
+
+            if (isset($array['dependencies'])) {
+                foreach ($array['dependencies'] as $dependency => $details) {
+                    $license[$i]['text'] .= "library: $dependency\n";
+
+                    foreach ($details as $key => $value) {
+                        if (is_array($value)) {
+                            $license[$i]['text'] .= "$key: " . implode(' ', $value) . "\n";
+                        } else {
+                            $license[$i]['text'] .= "$key: $value\n";
+                        }
+                    }
+
+                    $license[$i]['text'] .= "\n";
+                }
+                $license[$i]['text'] = rtrim($license[$i]['text'], "\n");
+            }
+        }
+
+        // Attach the licenses from the LICENSES file generated by license-report
+        if ($npmProd) {
+            ++$i;
+            $license[$i]['title'] = 'NPM Production Libraries';
+            $license[$i]['text'] = '';
+
+            $file = file_get_contents('license/npm-prod.LICENSES');
+            $array = json_decode($file, true);
+
+            foreach ($array as $dependency) {
+                $license[$i]['text'] .= "library: {$dependency['name']}\n";
+                $license[$i]['text'] .= "authors: {$dependency['author']}\n";
+                $license[$i]['text'] .= "website: {$dependency['homepage']}\n";
+                $license[$i]['text'] .= "version: {$dependency['installedVersion']}\n";
+                $license[$i]['text'] .= "license: {$dependency['licenseType']}\n";
+
+                $license[$i]['text'] .= "\n";
+            }
+            $license[$i]['text'] = rtrim($license[$i]['text'], "\n");
+        }
+
+        if ($npmDev) {
+            ++$i;
+            $license[$i]['title'] = 'NPM Development Libraries';
+            $license[$i]['text'] = '';
+
+            $file = file_get_contents('license/npm-dev.LICENSES');
+            $array = json_decode($file, true);
+
+            foreach ($array as $dependency) {
+                $license[$i]['text'] .= "library: {$dependency['name']}\n";
+                $license[$i]['text'] .= "authors: {$dependency['author']}\n";
+                $license[$i]['text'] .= "website: {$dependency['homepage']}\n";
+                $license[$i]['text'] .= "version: {$dependency['installedVersion']}\n";
+                $license[$i]['text'] .= "license: {$dependency['licenseType']}\n";
+
+                $license[$i]['text'] .= "\n";
+            }
+            $license[$i]['text'] = rtrim($license[$i]['text'], "\n");
+        }
+
+        return $license;
+    }
+
+    /**
+     * This function loads all the available themes in the dist/bootswatch directory
+     * @return array
+     */
+    private function _themes(): array    // TODO: Hungarian notation
+    {
+        $themes = [];
+
+        // Read all themes in the dist folder
+        $dir = new DirectoryIterator('resources/bootswatch');
+
+        foreach ($dir as $dirinfo) {    // TODO: $dirinfo doesn't follow naming convention
+            if ($dirinfo->isDir() && !$dirinfo->isDot() && $dirinfo->getFileName() != 'fonts') {
+                $file = $dirinfo->getFileName();
+                $themes[$file] = ucfirst($file);
+            }
+        }
+
+        asort($themes);
+
+        return $themes;
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['stock_locations'] = $this->stock_location->get_all()->getResultArray();
+        $data['dinner_tables'] = $this->dinner_table->get_all()->getResultArray();
+        $data['customer_rewards'] = $this->customer_rewards->get_all()->getResultArray();
+        $data['support_barcode'] = $this->barcode_lib->get_list_barcodes();
+        $data['barcode_fonts'] = $this->barcode_lib->listfonts('fonts');
+        $data['logo_exists'] = $this->config['company_logo'] != '';
+        $data['logo_src'] = !empty($this->config['company_logo']) ? base_url('uploads/' . $this->config['company_logo']) : '';
+        $data['line_sequence_options'] = $this->sale_lib->get_line_sequence_options();
+        $data['register_mode_options'] = $this->sale_lib->get_register_mode_options();
+        $data['invoice_type_options'] = $this->sale_lib->get_invoice_type_options();
+        $data['rounding_options'] = rounding_mode::get_rounding_options();
+        $data['tax_code_options'] = $this->tax_lib->get_tax_code_options();
+        $data['tax_category_options'] = $this->tax_lib->get_tax_category_options();
+        $data['tax_jurisdiction_options'] = $this->tax_lib->get_tax_jurisdiction_options();
+        $data['show_office_group'] = $this->module->get_show_office_group();
+        $data['currency_code'] = $this->config['currency_code'] ?? '';
+        $data['dbVersion'] = mysqli_get_server_info($this->db->getConnection());
+
+        // Load all the license statements, they are already XSS cleaned in the private function
+        $data['licenses'] = $this->_licenses();
+
+        // Load all the themes, already XSS cleaned in the private function
+        $data['themes'] = $this->_themes();
+
+        // General related fields
+        $image_allowed_types = ['jpg', 'jpeg', 'gif', 'svg', 'webp', 'bmp', 'png', 'tif', 'tiff'];
+        $data['image_allowed_types'] = array_combine($image_allowed_types, $image_allowed_types);
+        $data['selected_image_allowed_types'] = explode(',', $this->config['image_allowed_types']);
+
+        // Integrations Related fields
+        $data['mailchimp']    = [];
+
+        if (check_encryption()) {    // TODO: Hungarian notation
+            if (!isset($this->encrypter)) {
+                helper('security');
+                $this->encrypter = Services::encrypter();
+            }
+
+            $data['mailchimp']['api_key'] = (isset($this->config['mailchimp_api_key']) && !empty($this->config['mailchimp_api_key']))
+                ? $this->encrypter->decrypt($this->config['mailchimp_api_key'])
+                : '';
+
+            $data['mailchimp']['list_id'] = (isset($this->config['mailchimp_list_id']) && !empty($this->config['mailchimp_list_id']))
+                ? $this->encrypter->decrypt($this->config['mailchimp_list_id'])
+                : '';
+
+            // Remove any backup of .env created by check_encryption()
+            remove_backup();
+        } else {
+            $data['mailchimp']['api_key'] = '';
+            $data['mailchimp']['list_id'] = '';
+        }
+
+        $data['mailchimp']['lists'] = $this->_mailchimp();
+
+        return view('configs/manage', $data);
+    }
+
+    /**
+     * Saves company information. Used in app/Views/configs/info_config.php
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveInfo(): ResponseInterface
+    {
+        $upload_data = $this->upload_logo();
+        $upload_success = empty($upload_data['error']);
+
+        $batch_save_data = [
+            'company'       => $this->request->getPost('company'),
+            'address'       => $this->request->getPost('address'),
+            'phone'         => $this->request->getPost('phone'),
+            'email'         => strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL)),
+            'fax'           => $this->request->getPost('fax'),
+            'website'       => $this->request->getPost('website', FILTER_SANITIZE_URL),
+            'return_policy' => $this->request->getPost('return_policy')
+        ];
+
+        if (!empty($upload_data['orig_name']) && $upload_data['raw_name']) {
+            $batch_save_data['company_logo'] = $upload_data['raw_name'] . '.' . $upload_data['file_ext'];
+        }
+
+        $result = $this->appconfig->batch_save($batch_save_data);
+        $success = $upload_success && $result;
+        $message = lang('Config.saved_' . ($success ? '' : 'un') . 'successfully');
+        $message = $upload_success ? $message : strip_tags($upload_data['error']);
+
+        return $this->response->setJSON(['success' => $success, 'message' => $message]);
+    }
+
+
+    /**
+     * @return array
+     */
+    private function upload_logo(): array
+    {
+        $file = $this->request->getFile('company_logo');
+        if (!$file) {
+            return [];
+        }
+
+        helper(['form']);
+        $validation_rule = [
+            'company_logo' => [
+                'label' => 'Company logo',
+                'rules' => [
+                    'uploaded[company_logo]',
+                    'is_image[company_logo]',
+                    'max_size[company_logo,1024]',
+                    'mime_in[company_logo,image/png,image/jpg,image/jpeg,image/gif]',
+                    'ext_in[company_logo,png,jpg,gif]',
+                    'max_dims[company_logo,800,680]',
+                ]
+            ]
+        ];
+
+        if (!$this->validate($validation_rule)) {
+            return (['error' => $this->validator->getError('company_logo')]);
+        }
+
+
+        $filename = $file->getClientName();
+        $info = pathinfo($filename);
+
+        $file_info = [
+            'orig_name' => $filename,
+            'raw_name'  => $info['filename'],
+            'file_ext'  => $file->guessExtension()
+        ];
+
+        $file->move(FCPATH . 'uploads/', $file_info['raw_name'] . '.' . $file_info['file_ext'], true);
+
+        return ($file_info);
+    }
+
+    /**
+     * Saves general configuration. Used in app/Views/configs/general_config.php
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveGeneral(): ResponseInterface
+    {
+        $batch_save_data = [
+            'theme'                             => $this->request->getPost('theme'),
+            'login_form'                        => $this->request->getPost('login_form'),
+            'default_sales_discount_type'       => $this->request->getPost('default_sales_discount_type') != null,
+            'default_sales_discount'            => parse_decimals($this->request->getPost('default_sales_discount')),
+            'default_receivings_discount_type'  => $this->request->getPost('default_receivings_discount_type') != null,
+            'default_receivings_discount'       => parse_decimals($this->request->getPost('default_receivings_discount')),
+            'enforce_privacy'                   => $this->request->getPost('enforce_privacy') != null,
+            'receiving_calculate_average_price' => $this->request->getPost('receiving_calculate_average_price') != null,
+            'lines_per_page'                    => $this->request->getPost('lines_per_page', FILTER_SANITIZE_NUMBER_INT),
+            'notify_horizontal_position'        => $this->request->getPost('notify_horizontal_position'),
+            'notify_vertical_position'          => $this->request->getPost('notify_vertical_position'),
+            'image_max_width'                   => $this->request->getPost('image_max_width', FILTER_SANITIZE_NUMBER_INT),
+            'image_max_height'                  => $this->request->getPost('image_max_height', FILTER_SANITIZE_NUMBER_INT),
+            'image_max_size'                    => $this->request->getPost('image_max_size', FILTER_SANITIZE_NUMBER_INT),
+            'image_allowed_types'               => implode(',', $this->request->getPost('image_allowed_types')),
+            'gcaptcha_enable'                   => $this->request->getPost('gcaptcha_enable') != null,
+            'gcaptcha_secret_key'               => $this->request->getPost('gcaptcha_secret_key'),
+            'gcaptcha_site_key'                 => $this->request->getPost('gcaptcha_site_key'),
+            'suggestions_first_column'          => $this->request->getPost('suggestions_first_column'),
+            'suggestions_second_column'         => $this->request->getPost('suggestions_second_column'),
+            'suggestions_third_column'          => $this->request->getPost('suggestions_third_column'),
+            'giftcard_number'                   => $this->request->getPost('giftcard_number'),
+            'derive_sale_quantity'              => $this->request->getPost('derive_sale_quantity') != null,
+            'multi_pack_enabled'                => $this->request->getPost('multi_pack_enabled') != null,
+            'include_hsn'                       => $this->request->getPost('include_hsn') != null,
+            'category_dropdown'                 => $this->request->getPost('category_dropdown') != null
+        ];
+
+        $this->module->set_show_office_group($this->request->getPost('show_office_group') != null);
+
+        if ($batch_save_data['category_dropdown'] == 1) {
+            $definition_data['definition_name'] = 'ospos_category';
+            $definition_data['definition_flags'] = 0;
+            $definition_data['definition_type'] = 'DROPDOWN';
+            $definition_data['definition_id'] = CATEGORY_DEFINITION_ID;
+            $definition_data['deleted'] = 0;
+
+            $this->attribute->save_definition($definition_data, CATEGORY_DEFINITION_ID);
+        } elseif ($batch_save_data['category_dropdown'] == NO_DEFINITION_ID) {
+            $this->attribute->deleteDefinition(CATEGORY_DEFINITION_ID);
+        }
+
+        $success = $this->appconfig->batch_save($batch_save_data);
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Checks a number against the currently selected locale. Used in app/Views/configs/locale_config.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postCheckNumberLocale(): ResponseInterface
+    {
+        $number_locale = $this->request->getPost('number_locale');
+        $save_number_locale = $this->request->getPost('save_number_locale');
+
+        $fmt = new NumberFormatter($number_locale, NumberFormatter::CURRENCY);
+        if ($number_locale != $save_number_locale) {
+            $currency_symbol = $fmt->getSymbol(NumberFormatter::CURRENCY_SYMBOL);
+            $currency_code = $fmt->getTextAttribute(NumberFormatter::CURRENCY_CODE);
+            $save_number_locale = $number_locale;
+        } else {
+            $currency_symbol = empty($this->request->getPost('currency_symbol')) ? $fmt->getSymbol(NumberFormatter::CURRENCY_SYMBOL) : $this->request->getPost('currency_symbol');
+            $currency_code = empty($this->request->getPost('currency_code')) ? $fmt->getTextAttribute(NumberFormatter::CURRENCY_CODE) : $this->request->getPost('currency_code');
+        }
+
+        if ($this->request->getPost('thousands_separator') == 'false') {
+            $fmt->setTextAttribute(NumberFormatter::GROUPING_SEPARATOR_SYMBOL, '');
+        }
+
+        $fmt->setSymbol(NumberFormatter::CURRENCY_SYMBOL, $currency_symbol);
+        $number_local_example = $fmt->format(1234567890.12300);
+
+        return $this->response->setJSON([
+            'success'               => $number_local_example != false,
+            'save_number_locale'    => $save_number_locale,
+            'number_locale_example' => $number_local_example,
+            'currency_symbol'       => $currency_symbol,
+            'currency_code'         => $currency_code,
+        ]);
+    }
+
+    /**
+     * Saves locale configuration. Used in app/Views/configs/locale_config.php
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveLocale(): ResponseInterface
+    {
+        $exploded = explode(":", $this->request->getPost('language'));
+        $currency_symbol = $this->request->getPost('currency_symbol');
+        $batch_save_data = [
+            'currency_symbol'       => htmlspecialchars($currency_symbol ?? ''),
+            'currency_code'         => $this->request->getPost('currency_code'),
+            'language_code'         => $exploded[0],
+            'language'              => $exploded[1],
+            'timezone'              => $this->request->getPost('timezone'),
+            'dateformat'            => $this->request->getPost('dateformat'),
+            'timeformat'            => $this->request->getPost('timeformat'),
+            'thousands_separator'   => $this->request->getPost('thousands_separator') != null,
+            'number_locale'         => $this->request->getPost('number_locale'),
+            'currency_decimals'     => $this->request->getPost('currency_decimals', FILTER_SANITIZE_NUMBER_INT),
+            'tax_decimals'          => $this->request->getPost('tax_decimals', FILTER_SANITIZE_NUMBER_INT),
+            'quantity_decimals'     => $this->request->getPost('quantity_decimals', FILTER_SANITIZE_NUMBER_INT),
+            'country_codes'         => htmlspecialchars($this->request->getPost('country_codes')),
+            'payment_options_order' => $this->request->getPost('payment_options_order'),
+            'date_or_time_format'   => $this->request->getPost('date_or_time_format') != null,
+            'cash_decimals'         => $this->request->getPost('cash_decimals', FILTER_SANITIZE_NUMBER_INT),
+            'cash_rounding_code'    => $this->request->getPost('cash_rounding_code'),
+            'financial_year'        => $this->request->getPost('financial_year', FILTER_SANITIZE_NUMBER_INT)
+        ];
+
+        $success = $this->appconfig->batch_save($batch_save_data);
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Saves email configuration. Used in app/Views/configs/email_config.php
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveEmail(): ResponseInterface
+    {
+        $password = '';
+
+        if (check_encryption() && !empty($this->request->getPost('smtp_pass'))) {
+            $password = $this->encrypter->encrypt($this->request->getPost('smtp_pass'));
+        }
+
+        $batch_save_data = [
+            'protocol'     => $this->request->getPost('protocol'),
+            'mailpath'     => $this->request->getPost('mailpath'),
+            'smtp_host'    => $this->request->getPost('smtp_host'),
+            'smtp_user'    => $this->request->getPost('smtp_user'),
+            'smtp_pass'    => $password,
+            'smtp_port'    => $this->request->getPost('smtp_port', FILTER_SANITIZE_NUMBER_INT),
+            'smtp_timeout' => $this->request->getPost('smtp_timeout', FILTER_SANITIZE_NUMBER_INT),
+            'smtp_crypto'  => $this->request->getPost('smtp_crypto')
+        ];
+
+        $success = $this->appconfig->batch_save($batch_save_data);
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Saves SMS message configuration. Used in app/Views/configs/message_config.php.
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveMessage(): ResponseInterface
+    {
+        $password = '';
+
+        if (check_encryption() && !empty($this->request->getPost('msg_pwd'))) {
+            $password = $this->encrypter->encrypt($this->request->getPost('msg_pwd'));
+        }
+
+        $batch_save_data = [
+            'msg_msg' => $this->request->getPost('msg_msg'),
+            'msg_uid' => $this->request->getPost('msg_uid'),
+            'msg_pwd' => $password,
+            'msg_src' => $this->request->getPost('msg_src')
+        ];
+
+        $success = $this->appconfig->batch_save($batch_save_data);
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * This function fetches all the available lists from Mailchimp for the given API key
+     */
+    private function _mailchimp(string $api_key = ''): array    // TODO: Hungarian notation
+    {
+        $mailchimp_lib = new Mailchimp_lib(['api_key' => $api_key]);
+
+        $result = [];
+
+        $lists = $mailchimp_lib->getLists();
+        if ($lists !== false) {
+            if (is_array($lists) && !empty($lists['lists']) && is_array($lists['lists'])) {
+                foreach ($lists['lists'] as $list) {
+                    $result[$list['id']] = $list['name'] . ' [' . $list['stats']['member_count'] . ']';
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Gets Mailchimp lists when a valid API key is inserted. Used in app/Views/configs/integrations_config.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postCheckMailchimpApiKey(): ResponseInterface
+    {
+        $lists = $this->_mailchimp($this->request->getPost('mailchimp_api_key'));
+        $success = count($lists) > 0;
+
+        return $this->response->setJSON([
+            'success'         => $success,
+            'message'         => lang('Config.mailchimp_key_' . ($success ? '' : 'un') . 'successfully'),
+            'mailchimp_lists' => $lists
+        ]);
+    }
+
+    /**
+     * Saves Mailchimp configuration. Used in app/Views/configs/integrations_config.php
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveMailchimp(): ResponseInterface
+    {
+        $api_key = '';
+        $list_id = '';
+
+        if (check_encryption()) {
+            $api_key_unencrypted = $this->request->getPost('mailchimp_api_key');
+            if (!empty($api_key_unencrypted)) {
+                $api_key = $this->encrypter->encrypt($api_key_unencrypted);
+            }
+
+            $list_id_unencrypted = $this->request->getPost('mailchimp_list_id');
+            if (!empty($list_id_unencrypted)) {
+                $list_id = $this->encrypter->encrypt($list_id_unencrypted);
+            }
+        }
+
+        $batch_save_data = ['mailchimp_api_key' => $api_key, 'mailchimp_list_id' => $list_id];
+
+        $success = $this->appconfig->batch_save($batch_save_data);
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Gets all stock locations. Used in app/Views/configs/stock_config.php
+     *
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getStockLocations(): string
+    {
+        $stock_locations = $this->stock_location->get_all()->getResultArray();
+
+        return view('partial/stock_locations', ['stock_locations' => $stock_locations]);
+    }
+
+    /**
+     * @return string
+     */
+    public function getDinnerTables(): string
+    {
+        $dinner_tables = $this->dinner_table->get_all()->getResultArray();
+
+        return view('partial/dinner_tables', ['dinner_tables' => $dinner_tables]);
+    }
+
+
+    /**
+     * Gets all tax categories.
+     *
+     * @return string
+     */
+    public function ajax_tax_categories(): string    // TODO: Is this function called anywhere in the code?
+    {
+        $tax_categories = $this->tax->get_all_tax_categories()->getResultArray();
+
+        return view('partial/tax_categories', ['tax_categories' => $tax_categories]);
+    }
+
+    /**
+     * Gets all customer rewards. Used in app/Views/configs/reward_config.php
+     *
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getCustomerRewards(): string
+    {
+        $customer_rewards = $this->customer_rewards->get_all()->getResultArray();
+
+        return view('partial/customer_rewards', ['customer_rewards' => $customer_rewards]);
+    }
+
+    /**
+     * @return void
+     */
+    private function _clear_session_state(): void    // TODO: Hungarian notation
+    {
+        $this->sale_lib->clear_sale_location();
+        $this->sale_lib->clear_table();
+        $this->sale_lib->clear_all();
+        $this->receiving_lib = new Receiving_lib();
+        $this->receiving_lib->clear_stock_source();
+        $this->receiving_lib->clear_stock_destination();
+        $this->receiving_lib->clear_all();
+    }
+
+    /**
+     * Saves stock locations. Used in app/Views/configs/stock_config.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveLocations(): ResponseInterface
+    {
+        $this->db->transStart();
+
+        $not_to_delete = [];
+        foreach ($this->request->getPost() as $key => $value) {
+            if (str_contains($key, 'stock_location')) {
+                // Save or update
+                foreach ($value as $location_id => $location_name) {
+                    $location_data = ['location_name' => $location_name];
+                    if ($this->stock_location->save_value($location_data, $location_id)) {
+                        $location_id = $this->stock_location->get_location_id($location_name);
+                        $not_to_delete[] = $location_id;
+                        $this->_clear_session_state();
+                    }
+                }
+            }
+        }
+
+        // All locations not available in post will be deleted now
+        $deleted_locations = $this->stock_location->get_all()->getResultArray();
+
+        foreach ($deleted_locations as $location => $location_data) {
+            if (!in_array($location_data['location_id'], $not_to_delete)) {
+                $this->stock_location->delete($location_data['location_id']);
+            }
+        }
+
+        $this->db->transComplete();
+
+        $success = $this->db->transStatus();
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Saves all dinner tables. Used in app/Views/configs/table_config.php
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveTables(): ResponseInterface
+    {
+        $this->db->transStart();
+
+        $dinner_table_enable = $this->request->getPost('dinner_table_enable') != null;
+
+        $this->appconfig->save(['dinner_table_enable' => $dinner_table_enable]);
+
+        if ($dinner_table_enable) {
+            $not_to_delete = [];
+            foreach ($this->request->getPost() as $key => $value) {    // TODO: Not sure if this is the best way to filter the array
+                if (strstr($key, 'dinner_table') && $key != 'dinner_table_enable') {
+                    $dinner_table_id = preg_replace("/.*?_(\d+)$/", "$1", $key);
+                    $not_to_delete[] = $dinner_table_id;
+
+                    // Save or update
+                    $table_data = ['name' => $value];
+                    if ($this->dinner_table->save_value($table_data, $dinner_table_id)) {
+                        $this->_clear_session_state();    // TODO: Remove hungarian notation.
+                    }
+                }
+            }
+
+            // All tables not available in post will be deleted now
+            $deleted_tables = $this->dinner_table->get_all()->getResultArray();
+
+            foreach ($deleted_tables as $dinner_tables => $table) {
+                if (!in_array($table['dinner_table_id'], $not_to_delete)) {
+                    $this->dinner_table->delete($table['dinner_table_id']);
+                }
+            }
+        }
+
+        $this->db->transComplete();
+
+        $success = $this->db->transStatus();
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Saves tax configuration. Used in app/Views/configs/tax_config.php
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveTax(): ResponseInterface
+    {
+        $default_tax_1_rate = $this->request->getPost('default_tax_1_rate');
+        $default_tax_2_rate = $this->request->getPost('default_tax_2_rate');
+
+        $batch_save_data = [
+            'default_tax_1_rate'        => parse_tax(filter_var($default_tax_1_rate, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
+            'default_tax_1_name'        => $this->request->getPost('default_tax_1_name'),
+            'default_tax_2_rate'        => parse_tax(filter_var($default_tax_2_rate, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)),
+            'default_tax_2_name'        => $this->request->getPost('default_tax_2_name'),
+            'tax_included'              => $this->request->getPost('tax_included') != null,
+            'use_destination_based_tax' => $this->request->getPost('use_destination_based_tax') != null,
+            'default_tax_code'          => $this->request->getPost('default_tax_code'),
+            'default_tax_category'      => $this->request->getPost('default_tax_category'),
+            'default_tax_jurisdiction'  => $this->request->getPost('default_tax_jurisdiction'),
+            'tax_id'                    => $this->request->getPost('tax_id', FILTER_SANITIZE_NUMBER_INT)
+        ];
+
+        $success = $this->appconfig->batch_save($batch_save_data);
+
+        $message = lang('Config.saved_' . ($success ? '' : 'un') . 'successfully');
+
+        return $this->response->setJSON(['success' => $success, 'message' => $message]);
+    }
+
+    /**
+     * Saves customer rewards configuration. Used in app/Views/configs/reward_config.php
+     *
+      * @throws ReflectionException
+      * @return ResponseInterface
+      * @noinspection PhpUnused
+      */
+    public function postSaveRewards(): ResponseInterface
+    {
+        $this->db->transStart();
+
+        $customer_reward_enable = $this->request->getPost('customer_reward_enable') != null;
+
+        $this->appconfig->save(['customer_reward_enable' => $customer_reward_enable]);
+
+        if ($customer_reward_enable) {
+            $not_to_delete = [];
+            $array_save = [];
+            foreach ($this->request->getPost() as $key => $value) {
+                if (strstr($key, 'customer_reward') && $key != 'customer_reward_enable') {
+                    $customer_reward_id = preg_replace("/.*?_(\d+)$/", "$1", $key);
+                    $not_to_delete[] = $customer_reward_id;
+                    $array_save[$customer_reward_id]['package_name'] = $value;
+                } elseif (str_contains($key, 'reward_points')) {
+                    $customer_reward_id = preg_replace("/.*?_(\d+)$/", "$1", $key);
+                    $array_save[$customer_reward_id]['points_percent'] = $value;
+                }
+            }
+
+            if (!empty($array_save)) {
+                foreach ($array_save as $key => $value) {
+                    // Save or update
+                    $package_data = ['package_name' => $value['package_name'], 'points_percent' => $value['points_percent']];
+                    $this->customer_rewards->save_value($package_data, $key);    // TODO: reflection exception
+                }
+            }
+
+            // All packages not available in post will be deleted now
+            $deleted_packages = $this->customer_rewards->get_all()->getResultArray();
+
+            foreach ($deleted_packages as $customer_rewards => $reward_category) {
+                if (!in_array($reward_category['package_id'], $not_to_delete)) {
+                    $this->customer_rewards->delete($reward_category['package_id']);
+                }
+            }
+        }
+
+        $this->db->transComplete();
+
+        $success = $this->db->transStatus();
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Saves barcode configuration. Used in app/Views/configs/barcode_config.php
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveBarcode(): ResponseInterface
+    {
+        $batch_save_data = [
+            'barcode_type'              => $this->request->getPost('barcode_type'),
+            'barcode_width'             => $this->request->getPost('barcode_width', FILTER_SANITIZE_NUMBER_INT),
+            'barcode_height'            => $this->request->getPost('barcode_height', FILTER_SANITIZE_NUMBER_INT),
+            'barcode_font'              => $this->request->getPost('barcode_font'),
+            'barcode_font_size'         => $this->request->getPost('barcode_font_size', FILTER_SANITIZE_NUMBER_INT),
+            'barcode_first_row'         => $this->request->getPost('barcode_first_row'),
+            'barcode_second_row'        => $this->request->getPost('barcode_second_row'),
+            'barcode_third_row'         => $this->request->getPost('barcode_third_row'),
+            'barcode_num_in_row'        => $this->request->getPost('barcode_num_in_row', FILTER_SANITIZE_NUMBER_INT),
+            'barcode_page_width'        => $this->request->getPost('barcode_page_width', FILTER_SANITIZE_NUMBER_INT),
+            'barcode_page_cellspacing'  => $this->request->getPost('barcode_page_cellspacing', FILTER_SANITIZE_NUMBER_INT),
+            'barcode_generate_if_empty' => $this->request->getPost('barcode_generate_if_empty') != null,
+            'allow_duplicate_barcodes'  => $this->request->getPost('allow_duplicate_barcodes') != null,
+            'barcode_content'           => $this->request->getPost('barcode_content'),
+            'barcode_formats'           => json_encode($this->request->getPost('barcode_formats'))
+        ];
+
+        $success = $this->appconfig->batch_save($batch_save_data);
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Saves receipt configuration. Used in app/Views/configs/receipt_config.php.
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveReceipt(): ResponseInterface
+    {
+        $batch_save_data = [
+            'receipt_template'              => $this->request->getPost('receipt_template'),
+            'receipt_font_size'             => $this->request->getPost('receipt_font_size', FILTER_SANITIZE_NUMBER_INT),
+            'print_delay_autoreturn'        => $this->request->getPost('print_delay_autoreturn', FILTER_SANITIZE_NUMBER_INT),
+            'email_receipt_check_behaviour' => $this->request->getPost('email_receipt_check_behaviour'),
+            'print_receipt_check_behaviour' => $this->request->getPost('print_receipt_check_behaviour'),
+            'receipt_show_company_name'     => $this->request->getPost('receipt_show_company_name') != null,
+            'receipt_show_taxes'            => $this->request->getPost('receipt_show_taxes') != null,
+            'receipt_show_tax_ind'          => $this->request->getPost('receipt_show_tax_ind') != null,
+            'receipt_show_total_discount'   => $this->request->getPost('receipt_show_total_discount') != null,
+            'receipt_show_description'      => $this->request->getPost('receipt_show_description') != null,
+            'receipt_show_serialnumber'     => $this->request->getPost('receipt_show_serialnumber') != null,
+            'print_silently'                => $this->request->getPost('print_silently') != null,
+            'print_header'                  => $this->request->getPost('print_header') != null,
+            'print_footer'                  => $this->request->getPost('print_footer') != null,
+            'print_top_margin'              => $this->request->getPost('print_top_margin', FILTER_SANITIZE_NUMBER_INT),
+            'print_left_margin'             => $this->request->getPost('print_left_margin', FILTER_SANITIZE_NUMBER_INT),
+            'print_bottom_margin'           => $this->request->getPost('print_bottom_margin', FILTER_SANITIZE_NUMBER_INT),
+            'print_right_margin'            => $this->request->getPost('print_right_margin', FILTER_SANITIZE_NUMBER_INT)
+        ];
+
+        $success = $this->appconfig->batch_save($batch_save_data);
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Saves invoice configuration. Used in app/Views/configs/invoice_config.php.
+     *
+     * @throws ReflectionException
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSaveInvoice(): ResponseInterface
+    {
+        $batch_save_data = [
+            'invoice_enable'              => $this->request->getPost('invoice_enable') != null,
+            'sales_invoice_format'        => $this->request->getPost('sales_invoice_format'),
+            'sales_quote_format'          => $this->request->getPost('sales_quote_format'),
+            'recv_invoice_format'         => $this->request->getPost('recv_invoice_format'),
+            'invoice_default_comments'    => $this->request->getPost('invoice_default_comments'),
+            'invoice_email_message'       => $this->request->getPost('invoice_email_message'),
+            'line_sequence'               => $this->request->getPost('line_sequence'),
+            'last_used_invoice_number'    => $this->request->getPost('last_used_invoice_number', FILTER_SANITIZE_NUMBER_INT),
+            'last_used_quote_number'      => $this->request->getPost('last_used_quote_number', FILTER_SANITIZE_NUMBER_INT),
+            'quote_default_comments'      => $this->request->getPost('quote_default_comments'),
+            'work_order_enable'           => $this->request->getPost('work_order_enable') != null,
+            'work_order_format'           => $this->request->getPost('work_order_format'),
+            'last_used_work_order_number' => $this->request->getPost('last_used_work_order_number', FILTER_SANITIZE_NUMBER_INT),
+            'invoice_type'                => Sale_lib::isValidInvoiceType($this->request->getPost('invoice_type')) 
+                ? $this->request->getPost('invoice_type') 
+                : 'invoice'
+        ];
+
+        $success = $this->appconfig->batch_save($batch_save_data);
+
+        // Update the register mode with the latest change so that if the user
+        // switches immediately back to the register the mode reflects the change
+        if ($success) {
+            if ($this->config['invoice_enable']) {
+                $this->sale_lib->set_mode($this->config['default_register_mode']);
+            } else {
+                $this->sale_lib->set_mode('sale');
+            }
+        }
+
+        return $this->response->setJSON(['success' => $success, 'message' => lang('Config.saved_' . ($success ? '' : 'un') . 'successfully')]);
+    }
+
+    /**
+     * Removes the company logo from the database. Used in app/Views/configs/info_config.php.
+     *
+     * @return ResponseInterface
+     * @throws ReflectionException
+     * @noinspection PhpUnused
+     */
+    public function postRemoveLogo(): ResponseInterface
+    {
+        $success = $this->appconfig->save(['company_logo' => '']);
+
+        return $this->response->setJSON(['success' => $success]);
+    }
+}

app/Controllers/Customers.php

@@ -0,0 +1,485 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Libraries\Mailchimp_lib;
+
+use App\Models\Customer;
+use App\Models\Customer_rewards;
+use App\Models\Tax_code;
+use CodeIgniter\HTTP\DownloadResponse;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\OSPOS;
+use Config\Services;
+use stdClass;
+
+class Customers extends Persons
+{
+    private string $_list_id;
+    private Mailchimp_lib $mailchimp_lib;
+    private Customer_rewards $customer_rewards;
+    private Customer $customer;
+    private Tax_code $tax_code;
+    private array $config;
+
+    public function __construct()
+    {
+        parent::__construct('customers');
+        $this->mailchimp_lib = new Mailchimp_lib();
+        $this->customer_rewards = model(Customer_rewards::class);
+        $this->customer = model(Customer::class);
+        $this->tax_code = model(Tax_code::class);
+        $this->config = config(OSPOS::class)->settings;
+
+        $encrypter = Services::encrypter();
+
+        if (!empty($this->config['mailchimp_list_id'])) {
+            $this->_list_id = $encrypter->decrypt($this->config['mailchimp_list_id']);
+        } else {
+            $this->_list_id = '';
+        }
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_customer_manage_table_headers();
+
+        return view('people/manage', $data);
+    }
+
+    /**
+     * Gets one row for a customer manage table. This is called using AJAX to update one row.
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $person = $this->customer->get_info($row_id);
+
+        // Retrieve the total amount the customer spent so far together with min, max and average values
+        $stats = $this->customer->get_stats($person->person_id);    // TODO: This and the next 11 lines are duplicated in search().  Extract a method.
+
+        if (empty($stats)) {
+            // Create object with empty properties.
+            $stats = new stdClass();
+            $stats->total = 0;
+            $stats->min = 0;
+            $stats->max = 0;
+            $stats->average = 0;
+            $stats->avg_discount = 0;
+            $stats->quantity = 0;
+        }
+
+        $data_row = get_customer_data_row($person, $stats);
+
+        return $this->response->setJSON($data_row);
+    }
+
+
+    /**
+     * Returns customer table data rows. This will be called with AJAX.
+     *
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort = $this->sanitizeSortColumn(customer_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
+        $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        $customers = $this->customer->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->customer->get_found_rows($search);
+
+        $data_rows = [];
+
+        foreach ($customers->getResult() as $person) {
+            // Retrieve the total amount the customer spent so far together with min, max and average values
+            $stats = $this->customer->get_stats($person->person_id);    // TODO: duplicated... see above
+            if (empty($stats)) {
+                // Create object with empty properties.
+                $stats = new stdClass();
+                $stats->total = 0;
+                $stats->min = 0;
+                $stats->max = 0;
+                $stats->average = 0;
+                $stats->avg_discount = 0;
+                $stats->quantity = 0;
+            }
+
+            $data_rows[] = get_customer_data_row($person, $stats);
+        }
+
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
+
+    /**
+     * Gives search suggestions based on what is being searched for
+     * @return ResponseInterface
+     */
+    public function getSuggest(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->customer->get_search_suggestions($search);
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->customer->get_search_suggestions($search, 25, false);
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * Loads the customer edit form
+     * @return string
+     */
+    public function getView(int $customer_id = NEW_ENTRY): string
+    {
+        // Set default values
+        if ($customer_id == null) $customer_id = NEW_ENTRY;
+
+        $info = $this->customer->get_info($customer_id);
+        foreach (get_object_vars($info) as $property => $value) {
+            $info->$property = $value;
+        }
+        $data['person_info'] = $info;
+
+        if (empty($info->person_id) || empty($info->date) || empty($info->employee_id)) {
+            $data['person_info']->date = date('Y-m-d H:i:s');
+            $data['person_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        }
+
+        $employee_info = $this->employee->get_info($info->employee_id);
+        $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;
+
+        $tax_code_info = $this->tax_code->get_info($info->sales_tax_code_id);
+
+        if ($tax_code_info->tax_code != null) {
+            $data['sales_tax_code_label'] = $tax_code_info->tax_code . ' ' . $tax_code_info->tax_code_name;
+        } else {
+            $data['sales_tax_code_label'] = '';
+        }
+
+        $packages = ['' => lang('Items.none')];
+        foreach ($this->customer_rewards->get_all()->getResultArray() as $row) {
+            $packages[$row['package_id']] = $row['package_name'];
+        }
+        $data['packages'] = $packages;
+        $data['selected_package'] = $info->package_id;
+
+        $data['use_destination_based_tax'] = $this->config['use_destination_based_tax'];
+
+        // Retrieve the total amount the customer spent so far together with min, max and average values
+        $stats = $this->customer->get_stats($customer_id);
+        if (!empty($stats)) {
+            foreach (get_object_vars($stats) as $property => $value) {
+                $info->$property = $value;
+            }
+            $data['stats'] = $stats;
+        }
+
+        // Retrieve the info from Mailchimp only if there is an email address assigned
+        if (!empty($info->email)) {
+            // Collect Mailchimp customer info
+            if (($mailchimp_info = $this->mailchimp_lib->getMemberInfo($this->_list_id, $info->email)) !== false) {
+                $data['mailchimp_info'] = $mailchimp_info;
+
+                // Collect customer Mailchimp emails activities (stats)
+                if (($activities = $this->mailchimp_lib->getMemberActivity($this->_list_id, $info->email)) !== false) {
+                    if (array_key_exists('activity', $activities)) {
+                        $open = 0;
+                        $unopen = 0;
+                        $click = 0;
+                        $total = 0;
+                        $lastopen = '';
+
+                        foreach ($activities['activity'] as $activity) {
+                            if ($activity['action'] == 'sent') {
+                                ++$unopen;
+                            } elseif ($activity['action'] == 'open') {
+                                if (empty($lastopen)) {
+                                    $lastopen = substr($activity['timestamp'], 0, 10);
+                                }
+                                ++$open;
+                            } elseif ($activity['action'] == 'click') {
+                                if (empty($lastopen)) {
+                                    $lastopen = substr($activity['timestamp'], 0, 10);
+                                }
+                                ++$click;
+                            }
+
+                            ++$total;
+                        }
+
+                        $data['mailchimp_activity']['total'] = $total;
+                        $data['mailchimp_activity']['open'] = $open;
+                        $data['mailchimp_activity']['unopen'] = $unopen;
+                        $data['mailchimp_activity']['click'] = $click;
+                        $data['mailchimp_activity']['lastopen'] = $lastopen;
+                    }
+                }
+            }
+        }
+
+        return view("customers/form", $data);
+    }
+
+    /**
+     * Inserts/updates a customer
+     * @return ResponseInterface
+     */
+    public function postSave(int $customer_id = NEW_ENTRY): ResponseInterface
+    {
+        $first_name = $this->request->getPost('first_name');
+        $last_name = $this->request->getPost('last_name');
+        $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
+
+        // Format first and last name properly
+        $first_name = $this->nameize($first_name);
+        $last_name = $this->nameize($last_name);
+
+        $person_data = [
+            'first_name'   => $first_name,
+            'last_name'    => $last_name,
+            'gender'       => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT),
+            'email'        => $email,
+            'phone_number' => $this->request->getPost('phone_number'),
+            'address_1'    => $this->request->getPost('address_1'),
+            'address_2'    => $this->request->getPost('address_2'),
+            'city'         => $this->request->getPost('city'),
+            'state'        => $this->request->getPost('state'),
+            'zip'          => $this->request->getPost('zip'),
+            'country'      => $this->request->getPost('country'),
+            'comments'     => $this->request->getPost('comments')
+        ];
+
+        $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $this->request->getPost('date'));
+
+        $customer_data = [
+            'consent'           => $this->request->getPost('consent') != null,
+            'account_number'    => $this->request->getPost('account_number') == '' ? null : $this->request->getPost('account_number'),
+            'tax_id'            => $this->request->getPost('tax_id'),
+            'company_name'      => $this->request->getPost('company_name') == '' ? null : $this->request->getPost('company_name'),
+            'discount'          => $this->request->getPost('discount') == '' ? 0.00 : parse_decimals($this->request->getPost('discount')),
+            'discount_type'     => $this->request->getPost('discount_type') == null ? PERCENT : $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT),
+            'package_id'        => $this->request->getPost('package_id') == '' ? null : $this->request->getPost('package_id'),
+            'taxable'           => $this->request->getPost('taxable') != null,
+            'date'              => $date_formatter->format('Y-m-d H:i:s'),
+            'employee_id'       => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'sales_tax_code_id' => $this->request->getPost('sales_tax_code_id') == '' ? null : $this->request->getPost('sales_tax_code_id', FILTER_SANITIZE_NUMBER_INT)
+        ];
+
+        if ($this->customer->save_customer($person_data, $customer_data, $customer_id)) {
+            // Save customer to Mailchimp selected list    // TODO: addOrUpdateMember should be refactored. Potentially pass an array or object instead of 6 parameters.
+            $mailchimp_status = $this->request->getPost('mailchimp_status');
+            $this->mailchimp_lib->addOrUpdateMember(
+                $this->_list_id,
+                $email,
+                $first_name,
+                $last_name,
+                $mailchimp_status == null ? "" : $mailchimp_status,
+                ['vip' => $this->request->getPost('mailchimp_vip') != null]
+            );
+
+            // New customer
+            if ($customer_id == NEW_ENTRY) {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Customers.successful_adding') . ' ' . $first_name . ' ' . $last_name,
+                    'id'      => $customer_data['person_id']
+                ]);
+            } else { // Existing customer
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Customers.successful_updating') . ' ' . $first_name . ' ' . $last_name,
+                    'id'      => $customer_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Customers.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
+
+    /**
+     * Verifies if an email address already exists. Used in app/Views/customers/form.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postCheckEmail(): ResponseInterface
+    {
+        $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
+        $person_id = $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT);
+
+        $exists = $this->customer->check_email_exists($email, $person_id);
+
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
+    }
+
+    /**
+     * Verifies if an account number already exists. Used in app/Views/customers/form.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postCheckAccountNumber(): ResponseInterface
+    {
+        $exists = $this->customer->check_account_number_exists($this->request->getPost('account_number'), $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT));
+
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
+    }
+
+    /**
+     * This deletes customers from the customers table
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $customers_to_delete = $this->request->getPost('ids');
+        $customers_info = $this->customer->get_multiple_info($customers_to_delete);
+
+        $count = 0;
+
+        foreach ($customers_info->getResult() as $info) {
+            if ($this->customer->delete($info->person_id)) {
+                // remove customer from Mailchimp selected list
+                $this->mailchimp_lib->removeMember($this->_list_id, $info->email);
+
+                $count++;
+            }
+        }
+
+        if ($count == count($customers_to_delete)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Customers.successful_deleted') . ' ' . $count . ' ' . lang('Customers.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Customers.cannot_be_deleted')]);
+        }
+    }
+
+    /**
+     * Customers import from csv spreadsheet
+     *
+     * @return DownloadResponse The template for Customer CSV imports is returned and download forced.
+     * @noinspection PhpUnused
+     */
+    public function getCsv(): DownloadResponse
+    {
+        $name = 'importCustomers.csv';
+        $data = file_get_contents(WRITEPATH . "uploads/$name");
+        return $this->response->download($name, $data);
+    }
+
+    /**
+     * Displays the customer CSV import modal. Used in app/Views/people/manage.php
+     *
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getCsvImport(): string
+    {
+        return view('customers/form_csv_import');
+    }
+
+    /**
+     * Imports a CSV file containing customers. Used in app/Views/customers/form_csv_import.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postImportCsvFile(): ResponseInterface
+    {
+        if ($_FILES['file_path']['error'] != UPLOAD_ERR_OK) {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Customers.csv_import_failed')]);
+        } else {
+            if (($handle = fopen($_FILES['file_path']['tmp_name'], 'r')) !== false) {
+                // Skip the first row as it's the table description
+                fgetcsv($handle);
+                $i = 1;
+
+                $failCodes = [];
+
+                while (($data = fgetcsv($handle)) !== false) {
+                    $consent = $data[3] == '' ? 0 : 1;
+
+                    if (sizeof($data) >= 16 && $consent) {
+                        $email = strtolower($data[4]);
+                        $person_data = [
+                            'first_name'   => $data[0],
+                            'last_name'    => $data[1],
+                            'gender'       => $data[2],
+                            'email'        => $email,
+                            'phone_number' => $data[5],
+                            'address_1'    => $data[6],
+                            'address_2'    => $data[7],
+                            'city'         => $data[8],
+                            'state'        => $data[9],
+                            'zip'          => $data[10],
+                            'country'      => $data[11],
+                            'comments'     => $data[12]
+                        ];
+
+                        $customer_data = [
+                            'consent'       => $consent,
+                            'company_name'  => $data[13],
+                            'discount'      => $data[15],
+                            'discount_type' => $data[16],
+                            'taxable'       => $data[17] == '' ? 0 : 1,
+                            'date'          => date('Y-m-d H:i:s'),
+                            'employee_id'   => $this->employee->get_logged_in_employee_info()->person_id
+                        ];
+                        $account_number = $data[14];
+
+                        // Don't duplicate people with same email
+                        $invalidated = $this->customer->check_email_exists($email);
+
+                        if ($account_number != '') {
+                            $customer_data['account_number'] = $account_number;
+                            $invalidated &= $this->customer->check_account_number_exists($account_number);
+                        }
+                    } else {
+                        $invalidated = true;
+                    }
+
+                    if ($invalidated) {
+                        $failCodes[] = $i;
+                        log_message('error', "Row $i was not imported: Either email or account number already exist or data was invalid.");
+                    } elseif ($this->customer->save_customer($person_data, $customer_data)) {
+                        // Save customer to Mailchimp selected list
+                        $this->mailchimp_lib->addOrUpdateMember($this->_list_id, $person_data['email'], $person_data['first_name'], '', $person_data['last_name']);
+                    } else {
+                        $failCodes[] = $i;
+                    }
+
+                    ++$i;
+                }
+
+                if (count($failCodes) > 0) {
+                    $message = lang('Customers.csv_import_partially_failed', [count($failCodes), implode(', ', $failCodes)]);
+
+                    return $this->response->setJSON(['success' => false, 'message' => $message]);
+                } else {
+                    return $this->response->setJSON(['success' => true, 'message' => lang('Customers.csv_import_success')]);
+                }
+            } else {
+                return $this->response->setJSON(['success' => false, 'message' => lang('Customers.csv_import_nodata_wrongformat')]);
+            }
+        }
+    }
+}

app/Controllers/Employees.php

@@ -0,0 +1,259 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Models\Module;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
+
+/**
+ *
+ *
+ * @property module module
+ *
+ */
+class Employees extends Persons
+{
+    public function __construct()
+    {
+        parent::__construct('employees');
+
+        $this->module = model('Module');
+    }
+
+    /**
+     * Returns employee table data rows. This will be called with AJAX.
+     *
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(person_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'people.person_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        $employees = $this->employee->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->employee->get_found_rows($search);
+
+        $data_rows = [];
+        foreach ($employees->getResult() as $person) {
+            $data_rows[] = get_person_data_row($person);
+        }
+
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
+
+    /**
+     * AJAX called function gives search suggestions based on what is being searched for.
+     *
+     * @return ResponseInterface
+     */
+    public function getSuggest(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->employee->get_search_suggestions($search, 25, true);
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
+    {
+        $search = $this->request->getPost('term');
+        $suggestions = $this->employee->get_search_suggestions($search);
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * Loads the employee edit form
+     * @return string
+     */
+    public function getView(int $employee_id = NEW_ENTRY): string
+    {
+        $person_info = $this->employee->get_info($employee_id);
+        $current_user = $this->employee->get_logged_in_employee_info();
+
+        if ($employee_id != NEW_ENTRY && !$this->employee->canModifyEmployee($person_info->person_id, $current_user->person_id)) {
+            header('Location: ' . base_url('no_access/employees/employees'));
+            exit();
+        }
+
+        foreach (get_object_vars($person_info) as $property => $value) {
+            $person_info->$property = $value;
+        }
+        $data['person_info'] = $person_info;
+        $data['employee_id'] = $employee_id;
+
+        $modules = [];
+        foreach ($this->module->get_all_modules()->getResult() as $module) {
+            $module->grant = $this->employee->has_grant($module->module_id, $person_info->person_id);
+            $module->menu_group = $this->employee->get_menu_group($module->module_id, $person_info->person_id);
+
+            $modules[] = $module;
+        }
+        $data['all_modules'] = $modules;
+
+        $permissions = [];
+        foreach ($this->module->get_all_subpermissions()->getResult() as $permission) {    // TODO: subpermissions does not follow naming standards.
+            $permission->permission_id = str_replace(' ', '_', $permission->permission_id);
+            $permission->grant = $this->employee->has_grant($permission->permission_id, $person_info->person_id);
+
+            $permissions[] = $permission;
+        }
+        $data['all_subpermissions'] = $permissions;
+
+        return view('employees/form', $data);
+    }
+
+    /**
+     * Inserts/updates an employee
+     * @return ResponseInterface
+     */
+    public function postSave(int $employee_id = NEW_ENTRY): ResponseInterface
+    {
+        $current_user = $this->employee->get_logged_in_employee_info();
+
+        if ($employee_id != NEW_ENTRY) {
+            $target_employee = $this->employee->get_info($employee_id);
+            if (!$this->employee->canModifyEmployee($target_employee->person_id, $current_user->person_id)) {
+                return $this->response->setJSON([
+                    'success' => false,
+                    'message' => lang('Employees.error_updating_admin'),
+                    'id'      => NEW_ENTRY
+                ]);
+            }
+        }
+
+        $first_name = $this->request->getPost('first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: duplicated code
+        $last_name = $this->request->getPost('last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $email = strtolower($this->request->getPost('email', FILTER_SANITIZE_EMAIL));
+
+        // format first and last name properly
+        $first_name = $this->nameize($first_name);
+        $last_name = $this->nameize($last_name);
+
+        $person_data = [
+            'first_name'   => $first_name,
+            'last_name'    => $last_name,
+            'gender'       => $this->request->getPost('gender', FILTER_SANITIZE_NUMBER_INT),
+            'email'        => $email,
+            'phone_number' => $this->request->getPost('phone_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'address_1'    => $this->request->getPost('address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'address_2'    => $this->request->getPost('address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'city'         => $this->request->getPost('city', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'state'        => $this->request->getPost('state', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'zip'          => $this->request->getPost('zip', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'country'      => $this->request->getPost('country', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'comments'     => $this->request->getPost('comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+        ];
+
+        $grants_array = [];
+        $isAdmin = $this->employee->isAdmin($current_user->person_id);
+
+        foreach ($this->module->get_all_permissions()->getResult() as $permission) {
+            $grants = [];
+            $grant = $this->request->getPost('grant_' . $permission->permission_id) != null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
+
+            if ($grant == $permission->permission_id) {
+                if (!$isAdmin && !$this->employee->has_grant($permission->permission_id, $current_user->person_id)) {
+                    continue;
+                }
+                $grants['permission_id'] = $permission->permission_id;
+                $grants['menu_group'] = $this->request->getPost('menu_group_' . $permission->permission_id) != null ? $this->request->getPost('menu_group_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '--';
+                $grants_array[] = $grants;
+            }
+        }
+
+        // Password has been changed OR first time password set
+        if (!empty($this->request->getPost('password')) && ENVIRONMENT != 'testing') {
+            $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+            $employee_data = [
+                'username'      => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+                'password'      => password_hash($this->request->getPost('password'), PASSWORD_DEFAULT),
+                'hash_version'  => 2,
+                'language_code' => $exploded[0],
+                'language'      => $exploded[1]
+            ];
+        } else { // Password not changed
+            $exploded = explode(":", $this->request->getPost('language', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+            $employee_data = [
+                'username'      => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+                'language_code' => $exploded[0],
+                'language'      => $exploded[1]
+            ];
+        }
+
+        if ($this->employee->save_employee($person_data, $employee_data, $grants_array, $employee_id)) {
+            // New employee
+            if ($employee_id == NEW_ENTRY) {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Employees.successful_adding') . ' ' . $first_name . ' ' . $last_name,
+                    'id'      => $employee_data['person_id']
+                ]);
+            } else { // Existing employee
+                $logged_in_employee_id = session()->get('person_id');
+                if ($employee_id == $logged_in_employee_id) {
+                    session()->set('language_code', $employee_data['language_code']);
+                    session()->set('language', $employee_data['language']);
+                }
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Employees.successful_updating') . ' ' . $first_name . ' ' . $last_name,
+                    'id'      => $employee_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Employees.error_adding_updating') . ' ' . $first_name . ' ' . $last_name,
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
+
+    /**
+     * This deletes employees from the employees table
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $current_user = $this->employee->get_logged_in_employee_info();
+
+        if (!$this->employee->isAdmin($current_user->person_id)) {
+            foreach ($employees_to_delete as $emp_id) {
+                if ($this->employee->isAdmin((int)$emp_id)) {
+                    return $this->response->setJSON(['success' => false, 'message' => lang('Employees.error_deleting_admin')]);
+                }
+            }
+        }
+
+        if ($this->employee->delete_list($employees_to_delete)) {    // TODO: this is passing a string, but delete_list expects an array
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Employees.successful_deleted') . ' ' . count($employees_to_delete) . ' ' . lang('Employees.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Employees.cannot_be_deleted')]);
+        }
+    }
+
+    /**
+     * Checks an employee username against the database. Used in app\Views\employees\form.php
+     *
+     * @param $employee_id
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function getCheckUsername($employee_id): ResponseInterface
+    {
+        $exists = $this->employee->username_exists($employee_id, $this->request->getGet('username'));
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
+    }
+}

app/Controllers/Expenses.php

@@ -0,0 +1,193 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Models\Expense;
+use App\Models\Expense_category;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\OSPOS;
+use Config\Services;
+
+class Expenses extends Secure_Controller
+{
+    private Expense $expense;
+    private Expense_category $expense_category;
+
+    public function __construct()
+    {
+        parent::__construct('expenses');
+
+        $this->expense = model(Expense::class);
+        $this->expense_category = model(Expense_category::class);
+    }
+
+    /**
+     * @return void
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_expenses_manage_table_headers();
+
+        // filters that will be loaded in the multiselect dropdown
+        $data['filters'] = [
+            'only_cash'   => lang('Expenses.cash_filter'),
+            'only_due'    => lang('Expenses.due_filter'),
+            'only_check'  => lang('Expenses.check_filter'),
+            'only_credit' => lang('Expenses.credit_filter'),
+            'only_debit'  => lang('Expenses.debit_filter'),
+            'is_deleted'  => lang('Expenses.is_deleted')
+        ];
+
+        return view('expenses/manage', $data);
+    }
+
+    /**
+     * @return void
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search   = $this->request->getGet('search');
+        $limit    = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset   = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort     = $this->sanitizeSortColumn(expense_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_id');
+        $order    = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $filters  = [
+            'start_date'  => $this->request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'end_date'    => $this->request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'only_cash'   => false,
+            'only_due'    => false,
+            'only_check'  => false,
+            'only_credit' => false,
+            'only_debit'  => false,
+            'is_deleted'  => false
+        ];
+
+        // Check if any filter is set in the multiselect dropdown
+        $request_filters = array_fill_keys($this->request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? [], true);
+        $filters = array_merge($filters, $request_filters);
+        $expenses = $this->expense->search($search, $filters, $limit, $offset, $sort, $order);
+        $total_rows = $this->expense->get_found_rows($search, $filters);
+        $payments = $this->expense->get_payments_summary($search, $filters);
+        $payment_summary = get_expenses_manage_payments_summary($payments, $expenses);
+        $data_rows = [];
+
+        foreach ($expenses->getResult() as $expense) {
+            $data_rows[] = get_expenses_data_row($expense);
+        }
+
+        if ($total_rows > 0) {
+            $data_rows[] = get_expenses_data_last_row($expenses);
+        }
+
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows, 'payment_summary' => $payment_summary]);
+    }
+
+    /**
+     * @param int $expense_id
+     * @return void
+     */
+    public function getView(int $expense_id = NEW_ENTRY): string
+    {
+        $data = [];    // TODO: Duplicated code
+
+        $data['employees'] = [];
+        foreach ($this->employee->get_all()->getResult() as $employee) {
+            foreach (get_object_vars($employee) as $property => $value) {
+                $employee->$property = $value;
+            }
+
+            $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+        }
+
+        $data['expenses_info'] = $this->expense->get_info($expense_id);
+
+        $expense_categories = [];
+        foreach ($this->expense_category->get_all(0, 0, true)->getResultArray() as $row) {
+            $expense_categories[$row['expense_category_id']] = $row['category_name'];
+        }
+        $data['expense_categories'] = $expense_categories;
+
+        $expense_id = $data['expenses_info']->expense_id;
+
+        if ($expense_id == NEW_ENTRY) {
+            $data['expenses_info']->date = date('Y-m-d H:i:s');
+            $data['expenses_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        }
+
+        $data['payments'] = [];
+        foreach ($this->expense->get_expense_payment($expense_id)->getResult() as $payment) {
+            foreach (get_object_vars($payment) as $property => $value) {
+                $payment->$property = $value;
+            }
+
+            $data['payments'][] = $payment;
+        }
+
+        // Don't allow gift card to be a payment option in a sale transaction edit because it's a complex change
+        $data['payment_options'] = $this->expense->get_payment_options();
+
+        return view("expenses/form", $data);
+    }
+
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $expense_info = $this->expense->get_info($row_id);
+        $data_row = get_expenses_data_row($expense_info);
+
+        return $this->response->setJSON($data_row);
+    }
+
+    /**
+     * @param int $expense_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $expense_id = NEW_ENTRY): ResponseInterface
+    {
+        $config = config(OSPOS::class)->settings;
+        $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        $date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate);
+
+        $expense_data = [
+            'date'                => $date_formatter->format('Y-m-d H:i:s'),
+            'supplier_id'         => $this->request->getPost('supplier_id') == '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
+            'supplier_tax_code'   => $this->request->getPost('supplier_tax_code', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'amount'              => parse_decimals($this->request->getPost('amount')),
+            'tax_amount'          => parse_decimals($this->request->getPost('tax_amount')),
+            'payment_type'        => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT),
+            'description'         => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'employee_id'         => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'deleted'             => $this->request->getPost('deleted') != null
+        ];
+
+        if ($this->expense->save_value($expense_data, $expense_id)) {
+            // New Expense
+            if ($expense_id == NEW_ENTRY) {
+                return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_adding'), 'id' => $expense_data['expense_id']]);
+            } else { // Existing Expense
+                return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_updating'), 'id' => $expense_id]);
+            }
+        } else { // Failure
+            return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.error_adding_updating'), 'id' => NEW_ENTRY]);
+        }
+    }
+
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $expenses_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if ($this->expense->delete_list($expenses_to_delete)) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Expenses.successful_deleted') . ' ' . count($expenses_to_delete) . ' ' . lang('Expenses.one_or_multiple'), 'ids' => $expenses_to_delete]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Expenses.cannot_be_deleted'), 'ids' => $expenses_to_delete]);
+        }
+    }
+}

app/Controllers/Expenses_categories.php

@@ -0,0 +1,125 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Models\Expense_category;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
+
+class Expenses_categories extends Secure_Controller    // TODO: Is this class ever used?
+{
+    private Expense_category $expense_category;
+
+    public function __construct()
+    {
+        parent::__construct('expenses_categories');
+
+        $this->expense_category = model(Expense_category::class);
+    }
+
+    /**
+     * @return void
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_expense_category_manage_table_headers();
+
+        return view('expenses_categories/manage', $data);
+    }
+
+    /**
+     * Returns expense_category_manage table data rows. This will be called with AJAX.
+     **/
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(expense_category_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'expense_category_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        $expense_categories = $this->expense_category->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->expense_category->get_found_rows($search);
+
+        $data_rows = [];
+        foreach ($expense_categories->getResult() as $expense_category) {
+            $data_rows[] = get_expense_category_data_row($expense_category);
+        }
+
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
+
+    /**
+     * @param int $row_id
+     * @return void
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $data_row = get_expense_category_data_row($this->expense_category->get_info($row_id));
+
+        return $this->response->setJSON($data_row);
+    }
+
+    /**
+     * @param int $expense_category_id
+     * @return void
+     */
+    public function getView(int $expense_category_id = NEW_ENTRY): string
+    {
+        $data['category_info'] = $this->expense_category->get_info($expense_category_id);
+
+        return view("expenses_categories/form", $data);
+    }
+
+    /**
+     * @param int $expense_category_id
+     * @return void
+     */
+    public function postSave(int $expense_category_id = NEW_ENTRY): ResponseInterface
+    {
+        $expense_category_data = [
+            'category_name'        => $this->request->getPost('category_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'category_description' => $this->request->getPost('category_description', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+        ];
+
+        if ($this->expense_category->save_value($expense_category_data, $expense_category_id)) {
+            // New expense_category
+            if ($expense_category_id == NEW_ENTRY) {
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Expenses_categories.successful_adding'),
+                    'id'      => $expense_category_data['expense_category_id']
+                ]);
+            } else { // Existing Expense Category
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Expenses_categories.successful_updating'),
+                    'id'      => $expense_category_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Expenses_categories.error_adding_updating') . ' ' . $expense_category_data['category_name'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
+
+    /**
+     * @return void
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $expense_category_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if ($this->expense_category->delete_list($expense_category_to_delete)) {    // TODO: Convert to ternary notation.
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Expenses_categories.successful_deleted') . ' ' . count($expense_category_to_delete) . ' ' . lang('Expenses_categories.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Expenses_categories.cannot_be_deleted')]);
+        }
+    }
+}

app/Controllers/Giftcards.php

@@ -0,0 +1,188 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Models\Giftcard;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\OSPOS;
+use Config\Services;
+
+class Giftcards extends Secure_Controller
+{
+    private Giftcard $giftcard;
+
+    public function __construct()
+    {
+        parent::__construct('giftcards');
+
+        $this->giftcard = model(Giftcard::class);
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_giftcards_manage_table_headers();
+
+        return view('giftcards/manage', $data);
+    }
+
+    /**
+     * Returns Giftcards table data rows. This will be called with AJAX.
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search');
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(giftcard_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'giftcard_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        $giftcards = $this->giftcard->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->giftcard->get_found_rows($search);
+
+        $data_rows = [];
+        foreach ($giftcards->getResult() as $giftcard) {
+            $data_rows[] = get_giftcard_data_row($giftcard);
+        }
+
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
+
+    /**
+     * Gets search suggestions for giftcards. Used in app\Views\sales\register.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function getSuggest(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->giftcard->get_search_suggestions($search, true);
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
+    {
+        $search = $this->request->getPost('term');
+        $suggestions = $this->giftcard->get_search_suggestions($search);
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $data_row = get_giftcard_data_row($this->giftcard->get_info($row_id));
+
+        return $this->response->setJSON($data_row);
+    }
+
+    /**
+     * @param int $giftcard_id
+     * @return string
+     */
+    public function getView(int $giftcard_id = NEW_ENTRY): string
+    {
+        $config = config(OSPOS::class)->settings;
+        $giftcard_info = $this->giftcard->get_info($giftcard_id);
+
+        $data['selected_person_name'] = ($giftcard_id > 0 && isset($giftcard_info->person_id)) ? $giftcard_info->first_name . ' ' . $giftcard_info->last_name : '';
+        $data['selected_person_id'] = $giftcard_info->person_id;
+        if ($config['giftcard_number'] == 'random') {
+            $data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : '';
+        } else {
+            $max_number_obj = $this->giftcard->get_max_number();
+            $max_giftnumber = isset($max_number_obj) ? $this->giftcard->get_max_number()->giftcard_number : 0;    // TODO: variable does not follow naming standard.
+            $data['giftcard_number'] = $giftcard_id > 0 ? $giftcard_info->giftcard_number : $max_giftnumber + 1;
+        }
+        $data['giftcard_id'] = $giftcard_id;
+        $data['giftcard_value'] = $giftcard_info->value;
+
+        return view("giftcards/form", $data);
+    }
+
+    /**
+     * @param int $giftcard_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $giftcard_id = NEW_ENTRY): ResponseInterface
+    {
+        $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if ($giftcard_id == NEW_ENTRY && trim($giftcard_number) == '') {
+            $giftcard_number = $this->giftcard->generate_unique_giftcard_name($giftcard_number);
+        }
+
+        $giftcard_data = [
+            'record_time'     => date('Y-m-d H:i:s'),
+            'giftcard_number' => $giftcard_number,
+            'value'           => parse_decimals($this->request->getPost('giftcard_amount')),
+            'person_id'       => empty($this->request->getPost('person_id')) ? null : $this->request->getPost('person_id', FILTER_SANITIZE_NUMBER_INT)
+        ];
+
+        if ($this->giftcard->save_value($giftcard_data, $giftcard_id)) {
+            // New giftcard
+            if ($giftcard_id == NEW_ENTRY) {    // TODO: Constant needed
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Giftcards.successful_adding') . ' ' . $giftcard_data['giftcard_number'],
+                    'id'      => $giftcard_data['giftcard_id']
+                ]);
+            } else { // Existing giftcard
+                return $this->response->setJSON([
+                    'success' => true,
+                    'message' => lang('Giftcards.successful_updating') . ' ' . $giftcard_data['giftcard_number'],
+                    'id'      => $giftcard_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Giftcards.error_adding_updating') . ' ' . $giftcard_data['giftcard_number'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
+
+    /**
+     * Checks the giftcard number validity. Used in app\Views\giftcards\form.php
+     *
+     * @return void
+     * @noinspection PhpUnused
+     */
+    public function postCheckNumberGiftcard(): ResponseInterface
+    {
+        $existing_id = $this->request->getPost('giftcard_id', FILTER_SANITIZE_NUMBER_INT);
+        $giftcard_number = $this->request->getPost('giftcard_number', FILTER_SANITIZE_NUMBER_INT);
+        $giftcard_id = $this->giftcard->get_giftcard_id($giftcard_number);
+        $success = ($giftcard_id == (int) $existing_id || !$giftcard_id );
+
+        return $this->response->setJSON($success ? 'true' : 'false');
+    }
+
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $giftcards_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if ($this->giftcard->delete_list($giftcards_to_delete)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Giftcards.successful_deleted') . ' ' . count($giftcards_to_delete) . ' ' . lang('Giftcards.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Giftcards.cannot_be_deleted')]);
+        }
+    }
+}

app/Controllers/Home.php

@@ -0,0 +1,128 @@
+<?php
+
+namespace App\Controllers;
+
+use CodeIgniter\HTTP\RedirectResponse;
+use CodeIgniter\HTTP\ResponseInterface;
+
+class Home extends Secure_Controller
+{
+    public function __construct()
+    {
+        parent::__construct('home', null, 'home');
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $logged_in = $this->employee->is_logged_in();
+        return view('home/home');
+    }
+
+    /**
+     * Logs the currently logged in employee out of the system.  Used in app/Views/partial/header.php
+     *
+     * @return RedirectResponse
+     * @noinspection PhpUnused
+     */
+    public function getLogout(): RedirectResponse
+    {
+        $this->employee->logout();
+        return redirect()->to('login');
+    }
+
+    /**
+     * Load "change employee password" form
+     *
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getChangePassword(int $employeeId = NEW_ENTRY): string
+    {
+        $loggedInEmployee = $this->employee->get_logged_in_employee_info();
+        $currentPersonId = $loggedInEmployee->person_id;
+
+        $employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
+
+        if (!$this->employee->can_modify_employee($employeeId, $currentPersonId)) {
+            header('Location: ' . base_url('no_access/home/home'));
+            exit();
+        }
+
+        $person_info = $this->employee->get_info($employeeId);
+        foreach (get_object_vars($person_info) as $property => $value) {
+            $person_info->$property = $value;
+        }
+        $data['person_info'] = $person_info;
+
+        return view('home/form_change_password', $data);
+    }
+
+    /**
+     * Change employee password
+     *
+     * @return ResponseInterface
+     */
+    public function postSave(int $employeeId = NEW_ENTRY): ResponseInterface
+    {
+        $currentUser = $this->employee->get_logged_in_employee_info();
+
+        $employeeId = $employeeId === NEW_ENTRY ? $currentUser->person_id : $employeeId;
+
+        if (!$this->employee->can_modify_employee($employeeId, $currentUser->person_id)) {
+            return $this->response->setStatusCode(403)->setJSON([
+                'success' => false,
+                'message' => lang('Employees.unauthorized_modify')
+            ]);
+        }
+
+        if (!empty($this->request->getPost('current_password')) && $employeeId != NEW_ENTRY) {
+            if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
+                // Validate password length BEFORE hashing
+                $new_password = $this->request->getPost('password');
+                
+                if (strlen($new_password) < 8) {
+                    return $this->response->setJSON([
+                        'success' => false,
+                        'message' => lang('Employees.password_minlength'),
+                        'id'      => NEW_ENTRY
+                    ]);
+                }
+                
+                $employee_data = [
+                    'username'     => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+                    'password'     => password_hash($new_password, PASSWORD_DEFAULT),
+                    'hash_version' => 2
+                ];
+
+                if ($this->employee->change_password($employee_data, $employeeId)) {
+                    return $this->response->setJSON([
+                        'success' => true,
+                        'message' => lang('Employees.successful_change_password'),
+                        'id'      => $employeeId
+                    ]);
+                } else {
+                    return $this->response->setJSON([
+                        'success' => false,
+                        'message' => lang('Employees.unsuccessful_change_password'),
+                        'id'      => NEW_ENTRY
+                    ]);
+                }
+            } else {
+                return $this->response->setJSON([
+                    'success' => false,
+                    'message' => lang('Employees.current_password_invalid'),
+                    'id'      => NEW_ENTRY
+                ]);
+            }
+        } else {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Employees.current_password_invalid'),
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
+}

app/Controllers/Item_kits.php

@@ -0,0 +1,295 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Libraries\Barcode_lib;
+
+use App\Models\Item;
+use App\Models\Item_kit;
+use App\Models\Item_kit_items;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
+
+class Item_kits extends Secure_Controller
+{
+    private Item $item;
+    private Item_kit $item_kit;
+    private Item_kit_items $item_kit_items;
+
+    public function __construct()
+    {
+        parent::__construct('item_kits');
+
+        $this->item = model(Item::class);
+        $this->item_kit = model(Item_kit::class);
+        $this->item_kit_items = model(Item_kit_items::class);
+    }
+
+    /**
+     * Add the total cost and retail price to a passed item_kit retrieving the data from each singular item part of the kit
+     */
+    private function _add_totals_to_item_kit(object $item_kit): object    // TODO: Hungarian notation
+    {
+        $kit_item_info = $this->item->get_info($item_kit->kit_item_id ?? $item_kit->item_id);
+
+        $item_kit->total_cost_price = 0;
+        $item_kit->total_unit_price = $kit_item_info->unit_price;
+        $total_quantity = 0;
+
+        foreach ($this->item_kit_items->get_info($item_kit->item_kit_id) as $item_kit_item) {
+            $item_info = $this->item->get_info($item_kit_item['item_id']);
+            foreach (get_object_vars($item_info) as $property => $value) {
+                $item_info->$property = $value;
+            }
+
+            $item_kit->total_cost_price += $item_info->cost_price * $item_kit_item['quantity'];
+
+            if ($item_kit->price_option == PRICE_OPTION_ALL || ($item_kit->price_option == PRICE_OPTION_KIT_STOCK && $item_info->stock_type == HAS_STOCK)) {
+                $item_kit->total_unit_price += $item_info->unit_price * $item_kit_item['quantity'];
+                $total_quantity += $item_kit_item['quantity'];
+            }
+        }
+
+        $discount_fraction = bcdiv($item_kit->kit_discount, '100');
+
+        $item_kit->total_unit_price = $item_kit->total_unit_price - round(($item_kit->kit_discount_type == PERCENT)
+            ? bcmul($item_kit->total_unit_price, $discount_fraction)
+            : $item_kit->kit_discount, totals_decimals(), PHP_ROUND_HALF_UP);
+
+        return $item_kit;
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_item_kits_manage_table_headers();
+
+        return view('item_kits/manage', $data);
+    }
+
+    /**
+     * Returns Item_kit table data rows. This will be called with AJAX.
+     */
+    public function getSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('search') ?? '';
+        $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
+        $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
+        $sort   = $this->sanitizeSortColumn(item_kit_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_kit_id');
+        $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        $item_kits = $this->item_kit->search($search, $limit, $offset, $sort, $order);
+        $total_rows = $this->item_kit->get_found_rows($search);
+
+        $data_rows = [];
+        foreach ($item_kits->getResult() as $item_kit) {
+            // Calculate the total cost and retail price of the Kit, so it can be printed out in the manage table
+            $item_kit = $this->_add_totals_to_item_kit($item_kit);
+            $data_rows[] = get_item_kit_data_row($item_kit);
+        }
+
+        return $this->response->setJSON(['total' => $total_rows, 'rows' => $data_rows]);
+    }
+
+    /**
+     * @return ResponseInterface
+     */
+    public function suggest_search(): ResponseInterface
+    {
+        $search = $this->request->getPost('term');
+        $suggestions = $this->item_kit->get_search_suggestions($search);
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * @param int $row_id
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        // Calculate the total cost and retail price of the Kit, so it can be added to the table refresh
+        $item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($row_id));
+
+        return $this->response->setJSON(get_item_kit_data_row($item_kit));
+    }
+
+    /**
+     * @param int $item_kit_id
+     * @return string
+     */
+    public function getView(int $item_kit_id = NEW_ENTRY): string
+    {
+        $info = $this->item_kit->get_info($item_kit_id);
+
+        if ($item_kit_id == NEW_ENTRY) {
+            $info->price_option = '0';
+            $info->print_option = PRINT_ALL;
+            $info->kit_item_id = 0;
+            $info->item_number = '';
+            $info->kit_discount = 0;
+        }
+
+        foreach (get_object_vars($info) as $property => $value) {
+            $info->$property = $value;
+        }
+
+        $data['item_kit_info']  = $info;
+
+        $items = [];
+
+        foreach ($this->item_kit_items->get_info($item_kit_id) as $item_kit_item) {
+            $item['kit_sequence'] = $item_kit_item['kit_sequence'];
+            $item['name'] = $this->item->get_info($item_kit_item['item_id'])->name;
+            $item['item_id'] = $item_kit_item['item_id'];
+            $item['quantity'] = $item_kit_item['quantity'];
+
+            $items[] = $item;
+        }
+
+        $data['item_kit_items'] = $items;
+
+        $data['selected_kit_item_id'] = $info->kit_item_id;
+        $data['selected_kit_item'] = ($item_kit_id > 0 && isset($info->kit_item_id)) ? $info->item_name : '';
+
+        return view("item_kits/form", $data);
+    }
+
+    /**
+     * @param int $item_kit_id
+     * @return ResponseInterface
+     */
+    public function postSave(int $item_kit_id = NEW_ENTRY): ResponseInterface
+    {
+        $item_kit_data = [
+            'name'              => $this->request->getPost('name'),
+            'item_kit_number'   => $this->request->getPost('item_kit_number'),
+            'item_id'           => $this->request->getPost('kit_item_id'),
+            'kit_discount'      => parse_decimals($this->request->getPost('kit_discount')),
+            'kit_discount_type' => $this->request->getPost('kit_discount_type') === null ? PERCENT : intval($this->request->getPost('kit_discount_type')),
+            'price_option'      => $this->request->getPost('price_option') === null ? PRICE_ALL : intval($this->request->getPost('price_option')),
+            'print_option'      => $this->request->getPost('print_option') === null ? PRINT_ALL : intval($this->request->getPost('print_option')),
+            'description'       => $this->request->getPost('description')
+        ];
+
+        if ($this->item_kit->save_value($item_kit_data, $item_kit_id)) {
+            $new_item = false;
+            // New item kit
+            if ($item_kit_id == NEW_ENTRY) {
+                $item_kit_id = $item_kit_data['item_kit_id'];
+                $new_item = true;
+            }
+
+            $item_kit_items_array = $this->request->getPost('item_kit_qty') === null ? null : $this->request->getPost('item_kit_qty');
+
+            if ($item_kit_items_array != null) {
+                $item_kit_items = [];
+                foreach ($item_kit_items_array as $item_id => $item_kit_qty) {
+                    $item_kit_items[] = [
+                        'item_id'      => $item_id,
+                        'quantity'     => $item_kit_qty === null ? 0 : parse_quantity($item_kit_qty),
+                        'kit_sequence' => $this->request->getPost("item_kit_seq[$item_id]") === null ? 0 : intval($this->request->getPost("item_kit_seq[$item_id]"))
+                    ];
+                }
+            }
+
+            if (!empty($item_kit_items)) {
+                $success = $this->item_kit_items->save_value($item_kit_items, $item_kit_id);
+            } else {
+                $success = true;
+            }
+
+            if ($new_item) {
+                return $this->response->setJSON([
+                    'success' => $success,
+                    'message' => lang('Item_kits.successful_adding') . ' ' . $item_kit_data['name'],
+                    'id'      => $item_kit_id
+                ]);
+            } else {
+                return $this->response->setJSON([
+                    'success' => $success,
+                    'message' => lang('Item_kits.successful_updating') . ' ' . $item_kit_data['name'],
+                    'id'      => $item_kit_id
+                ]);
+            }
+        } else { // Failure
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Item_kits.error_adding_updating') . ' ' . $item_kit_data['name'],
+                'id'      => NEW_ENTRY
+            ]);
+        }
+    }
+
+    /**
+     * @return ResponseInterface
+     */
+    public function postDelete(): ResponseInterface
+    {
+        $item_kits_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        if ($this->item_kit->delete_list($item_kits_to_delete)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Item_kits.successful_deleted') . ' ' . count($item_kits_to_delete) . ' ' . lang('Item_kits.one_or_multiple')
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Item_kits.cannot_be_deleted')]);
+        }
+    }
+
+    /**
+     * Checks the validity of the item kit number. Used in app/Views/item_kits/form.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postCheckItemNumber(): ResponseInterface
+    {
+        $exists = $this->item_kit->item_number_exists($this->request->getPost('item_kit_number', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('item_kit_id', FILTER_SANITIZE_NUMBER_INT));
+        return $this->response->setJSON(!$exists ? 'true' : 'false');
+    }
+
+    /**
+     * AJAX called function that generates barcodes for selected item_kits.
+     *
+     * @param string $item_kit_ids Colon separated list of item_kit_id values to generate barcodes for.
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getGenerateBarcodes(string $item_kit_ids): string
+    {
+        $barcode_lib = new Barcode_lib();
+        $result = [];
+
+        $item_kit_ids = explode(':', $item_kit_ids);
+        foreach ($item_kit_ids as $item_kid_id) {
+            // Calculate the total cost and retail price of the Kit, so it can be added to the barcode text at the bottom
+            $item_kit = $this->_add_totals_to_item_kit($this->item_kit->get_info($item_kid_id));
+
+            $item_kid_id = 'KIT ' . urldecode($item_kid_id);
+
+            $result[] = [
+                'name'        => $item_kit->name,
+                'item_id'     => $item_kid_id,
+                'item_number' => $item_kid_id,
+                'cost_price'  => $item_kit->total_cost_price,
+                'unit_price'  => $item_kit->total_unit_price
+            ];
+        }
+
+        $data['items'] = $result;
+        $barcode_config = $barcode_lib->get_barcode_config();
+        // In case the selected barcode type is not Code39 or Code128 we set by default Code128
+        // The rationale for this is that EAN codes cannot have strings as seed, so 'KIT ' is not allowed
+        if ($barcode_config['barcode_type'] != 'C39' && $barcode_config['barcode_type'] != 'C128') {
+            $barcode_config['barcode_type'] = 'C128';
+        }
+        $data['barcode_config'] = $barcode_config;
+
+        // Display barcodes
+        return view("barcodes/barcode_sheet", $data);
+    }
+}

app/Controllers/Login.php

@@ -0,0 +1,74 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Libraries\MY_Migration;
+use App\Models\Employee;
+use CodeIgniter\HTTP\RedirectResponse;
+use CodeIgniter\Model;
+use Config\OSPOS;
+use Config\Services;
+
+/**
+ * @property employee employee
+ */
+class Login extends BaseController
+{
+    public Model $employee;
+
+    /**
+     * @return RedirectResponse|string
+     */
+    public function index(): string|RedirectResponse
+    {
+        $this->employee = model(Employee::class);
+        if (!$this->employee->is_logged_in()) {
+            $migration = new MY_Migration(config('Migrations'));
+            $config = config(OSPOS::class)->settings;
+
+            $gcaptcha_enabled = array_key_exists('gcaptcha_enable', $config)
+                ? $config['gcaptcha_enable']
+                : false;
+
+            $migration->migrate_to_ci4();
+
+            $validation = Services::validation();
+
+            $data = [
+                'has_errors'       => false,
+                'is_latest'        => $migration->is_latest(),
+                'latest_version'   => $migration->get_latest_migration(),
+                'gcaptcha_enabled' => $gcaptcha_enabled,
+                'config'           => $config,
+                'validation'       => $validation
+            ];
+
+            if ($this->request->getMethod() !== 'POST') {
+                return view('login', $data);
+            }
+
+            $rules = ['username' => 'required|login_check[data]'];
+            $messages = [
+                'username' => [
+                    'required'    => lang('Login.required_username'),
+                    'login_check' => lang('Login.invalid_username_and_password'),
+                ]
+            ];
+
+            if (!$this->validate($rules, $messages)) {
+                $data['has_errors'] = !empty($validation->getErrors());
+
+                return view('login', $data);
+            }
+
+            if (!$data['is_latest']) {
+                set_time_limit(3600);
+
+                $migration->setNamespace('App')->latest();
+                return redirect()->to('login');
+            }
+        }
+
+        return redirect()->to('home');
+    }
+}

app/Controllers/Messages.php

@@ -0,0 +1,91 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Libraries\Sms_lib;
+
+use App\Models\Person;
+use CodeIgniter\HTTP\ResponseInterface;
+
+class Messages extends Secure_Controller
+{
+    private Sms_lib $sms_lib;
+
+    public function __construct()
+    {
+        parent::__construct('messages');
+
+        $this->sms_lib = new Sms_lib();
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        return view('messages/sms');
+    }
+
+    /**
+     * @param int $person_id
+     * @return string
+     */
+    public function getView(int $person_id = NEW_ENTRY): string
+    {
+        $person = model(Person::class);
+        $info = $person->get_info($person_id);
+
+        foreach (get_object_vars($info) as $property => $value) {
+            $info->$property = $value;
+        }
+        $data['person_info'] = $info;
+
+        return view('messages/form_sms', $data);
+    }
+
+    /**
+     * @return ResponseInterface
+     */
+    public function send(): ResponseInterface
+    {
+        $phone   = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        $response = $this->sms_lib->sendSMS($phone, $message);
+
+        if ($response) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Messages.successfully_sent') . ' ' . esc($phone)]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone)]);
+        }
+    }
+
+    /**
+     * Sends an SMS message to a user. Used in app/Views/messages/form_sms.php.
+     *
+     * @param int $person_id
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function send_form(int $person_id = NEW_ENTRY): ResponseInterface
+    {
+        $phone   = $this->request->getPost('phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $message = $this->request->getPost('message', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+
+        $response = $this->sms_lib->sendSMS($phone, $message);
+
+        if ($response) {
+            return $this->response->setJSON([
+                'success'   => true,
+                'message'   => lang('Messages.successfully_sent') . ' ' . esc($phone),
+                'person_id' => $person_id
+            ]);
+        } else {
+            return $this->response->setJSON([
+                'success'   => false,
+                'message'   => lang('Messages.unsuccessfully_sent') . ' ' . esc($phone),
+                'person_id' => NEW_ENTRY
+            ]);
+        }
+    }
+}

app/Controllers/No_access.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Models\Module;
+use CodeIgniter\HTTP\ResponseInterface;
+
+/**
+ * Part of the grants mechanism to restrict access to modules that the user doesn't have permission for.
+ * Instantiated in the views.
+ *
+ * @property module module
+ */
+class No_access extends BaseController
+{
+    private Module $module;
+
+    public function __construct()
+    {
+        $this->module = model(Module::class);
+    }
+
+    /**
+     * @param string $module_id
+     * @param string $permission_id
+     * @return string
+     */
+    public function getIndex(string $module_id = '', string $permission_id = ''): string
+    {
+        $data['module_name']   = $this->module->get_module_name($module_id);
+        $data['permission_id'] = $permission_id;
+
+        return view('no_access', $data);
+    }
+}

app/Controllers/Office.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Models\Employee;
+use CodeIgniter\HTTP\ResponseInterface;
+
+/**
+ * @property Employee employee
+ */
+class Office extends Secure_Controller
+{
+    protected Employee $employee;
+
+    public function __construct()
+    {
+        parent::__construct('office', null, 'office');
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        return view('home/office');
+    }
+
+    /**
+     * @return void
+     */
+    public function logout(): void
+    {
+        $this->employee = model(Employee::class);
+
+        $this->employee->logout();
+    }
+}

app/Controllers/Persons.php

@@ -0,0 +1,76 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Models\Person;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
+use function Tamtamchik\NameCase\str_name_case;
+
+abstract class Persons extends Secure_Controller
+{
+    protected Person $person;
+
+    /**
+     * @param string|null $module_id
+     */
+    public function __construct(?string $module_id = null)
+    {
+        parent::__construct($module_id);
+
+        $this->person = model(Person::class);
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        $data['table_headers'] = get_people_manage_table_headers();
+
+        return view('people/manage', $data);
+    }
+
+    /**
+     * Gives search suggestions based on what is being searched for
+     * @return ResponseInterface
+     */
+    public function getSuggest(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->person->get_search_suggestions($search);
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * Gets one row for a person manage table. This is called using AJAX to update one row.
+     * @return ResponseInterface
+     */
+    public function getRow(int $row_id): ResponseInterface
+    {
+        $data_row = get_person_data_row($this->person->get_info($row_id));
+
+        return $this->response->setJSON($data_row);
+    }
+
+    /**
+     * Capitalize segments of a name, and put the rest into lower case.
+     * You can pass the characters you want to use as delimiters as exceptions.
+     * The function supports UTF-8 strings
+     *
+     * Example:
+     * i.e. <?php echo nameize("john o'grady-smith"); ?>
+     *
+     * returns John O'Grady-Smith
+     */
+    protected function nameize(string $input): string
+    {
+        $adjusted_name = str_name_case($input);
+
+        // TODO: Use preg_replace to match HTML entities and convert them to lowercase. This is a workaround for https://github.com/tamtamchik/namecase/issues/20
+        return preg_replace_callback('/&[a-zA-Z0-9#]+;/', function ($matches) {
+            return strtolower($matches[0]);
+        }, $adjusted_name);
+    }
+}

app/Controllers/Plugins/Manage.php

@@ -0,0 +1,99 @@
+<?php
+
+namespace App\Controllers\Plugins;
+
+use App\Controllers\Secure_Controller;
+use App\Libraries\Plugins\PluginManager;
+use CodeIgniter\HTTP\ResponseInterface;
+
+class Manage extends Secure_Controller
+{
+    private PluginManager $pluginManager;
+
+    public function __construct()
+    {
+        parent::__construct('plugins');
+        $this->pluginManager = new PluginManager();
+        $this->pluginManager->discoverPlugins();
+    }
+
+    public function getIndex(): string
+    {
+        $plugins = $this->pluginManager->getAllPlugins();
+        $enabledPlugins = $this->pluginManager->getEnabledPlugins();
+
+        $pluginData = [];
+        foreach ($plugins as $pluginId => $plugin) {
+            $pluginData[$pluginId] = [
+                'id' => $plugin->getPluginId(),
+                'name' => $plugin->getPluginName(),
+                'description' => $plugin->getPluginDescription(),
+                'version' => $plugin->getVersion(),
+                'enabled' => isset($enabledPlugins[$pluginId]),
+                'has_config' => $plugin->getConfigView() !== null,
+            ];
+        }
+
+        echo view('plugins/manage', ['plugins' => $pluginData]);
+        return '';
+    }
+
+    public function postEnable(string $pluginId): ResponseInterface
+    {
+        if ($this->pluginManager->enablePlugin($pluginId)) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Plugins.plugin_enabled')]);
+        }
+        return $this->response->setJSON(['success' => false, 'message' => lang('Plugins.plugin_enable_failed')]);
+    }
+
+    public function postDisable(string $pluginId): ResponseInterface
+    {
+        if ($this->pluginManager->disablePlugin($pluginId)) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Plugins.plugin_disabled')]);
+        }
+        return $this->response->setJSON(['success' => false, 'message' => lang('Plugins.plugin_disable_failed')]);
+    }
+
+    public function postUninstall(string $pluginId): ResponseInterface
+    {
+        if ($this->pluginManager->uninstallPlugin($pluginId)) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Plugins.plugin_uninstalled')]);
+        }
+        return $this->response->setJSON(['success' => false, 'message' => lang('Plugins.plugin_uninstall_failed')]);
+    }
+
+    public function getConfig(string $pluginId): ResponseInterface
+    {
+        $plugin = $this->pluginManager->getPlugin($pluginId);
+        
+        if (!$plugin) {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Plugins.plugin_not_found')]);
+        }
+
+        $configView = $plugin->getConfigView();
+        if (!$configView) {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Plugins.plugin_no_config')]);
+        }
+
+        $settings = $plugin->getSettings();
+        echo view($configView, ['settings' => $settings, 'plugin' => $plugin]);
+        return $this->response;
+    }
+
+    public function postSaveConfig(string $pluginId): ResponseInterface
+    {
+        $plugin = $this->pluginManager->getPlugin($pluginId);
+        
+        if (!$plugin) {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Plugins.plugin_not_found')]);
+        }
+
+        $settings = $this->request->getPost();
+        unset($settings['_method'], $settings['csrf_token_name']);
+
+        if ($plugin->saveSettings($settings)) {
+            return $this->response->setJSON(['success' => true, 'message' => lang('Plugins.settings_saved')]);
+        }
+        return $this->response->setJSON(['success' => false, 'message' => lang('Plugins.settings_save_failed')]);
+    }
+}

app/Controllers/Receivings.php

@@ -0,0 +1,530 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Libraries\Receiving_lib;
+use App\Libraries\Token_lib;
+use App\Libraries\Barcode_lib;
+use App\Models\Inventory;
+use App\Models\Item;
+use App\Models\Item_kit;
+use App\Models\Receiving;
+use App\Models\Stock_location;
+use App\Models\Supplier;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\OSPOS;
+use Config\Services;
+use ReflectionException;
+
+class Receivings extends Secure_Controller
+{
+    private Receiving_lib $receiving_lib;
+    private Token_lib $token_lib;
+    private Barcode_lib $barcode_lib;
+    private Inventory $inventory;
+    private Item $item;
+    private Item_kit $item_kit;
+    private Receiving $receiving;
+    private Stock_location $stock_location;
+    private Supplier $supplier;
+    private array $config;
+
+    public function __construct()
+    {
+        parent::__construct('receivings');
+
+        $this->receiving_lib = new Receiving_lib();
+        $this->token_lib = new Token_lib();
+        $this->barcode_lib = new Barcode_lib();
+
+        $this->inventory = model(Inventory::class);
+        $this->item_kit = model(Item_kit::class);
+        $this->item = model(Item::class);
+        $this->receiving = model(Receiving::class);
+        $this->stock_location = model(Stock_location::class);
+        $this->supplier = model(Supplier::class);
+        $this->config = config(OSPOS::class)->settings;
+    }
+
+    /**
+     * @return string
+     */
+    public function getIndex(): string
+    {
+        return $this->_reload();
+    }
+
+    /**
+     * Returns search suggestions for an item. Used in app/Views/sales/register.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function getItemSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->item->get_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
+        $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * Gets search suggestions for a stock item. Used in app/Views/receivings/receiving.php
+     *
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function getStockItemSearch(): ResponseInterface
+    {
+        $search = $this->request->getGet('term');
+        $suggestions = $this->item->get_stock_search_suggestions($search, ['search_custom' => false, 'is_deleted' => false], true);
+        $suggestions = array_merge($suggestions, $this->item_kit->get_search_suggestions($search));
+
+        return $this->response->setJSON($suggestions);
+    }
+
+    /**
+     * Set supplier if it exists in the database. Used in app/Views/receivings/receiving.php
+     *
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function postSelectSupplier(): string
+    {
+        $supplier_id = $this->request->getPost('supplier', FILTER_SANITIZE_NUMBER_INT);
+        if ($this->supplier->exists($supplier_id)) {
+            $this->receiving_lib->set_supplier($supplier_id);
+        }
+
+        return $this->_reload();    // TODO: Hungarian notation
+    }
+
+    /**
+     * Change receiving mode for current receiving. Used in app/Views/receivings/receiving.php
+     *
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function postChangeMode(): string
+    {
+        $stock_destination = $this->request->getPost('stock_destination', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $stock_source = $this->request->getPost('stock_source', FILTER_SANITIZE_NUMBER_INT);
+
+        if ((!$stock_source || $stock_source == $this->receiving_lib->get_stock_source()) &&
+            (!$stock_destination || $stock_destination == $this->receiving_lib->get_stock_destination())
+        ) {
+            $this->receiving_lib->clear_reference();
+            $mode = $this->request->getPost('mode', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+            $this->receiving_lib->set_mode($mode);
+        } elseif ($this->stock_location->is_allowed_location($stock_source, 'receivings')) {
+            $this->receiving_lib->set_stock_source($stock_source);
+            $this->receiving_lib->set_stock_destination($stock_destination);
+        }
+
+        return $this->_reload();    // TODO: Hungarian notation
+    }
+
+    /**
+     * Sets receiving comment. Used in app/Views/receivings/receiving.php
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSetComment(): ResponseInterface
+    {
+        $this->receiving_lib->set_comment($this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+        return $this->response->setJSON(['success' => true]);
+    }
+
+    /**
+     * Sets the print after sale flag for the receiving. Used in app/Views/receivings/receiving.php
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSetPrintAfterSale(): ResponseInterface
+    {
+        $this->receiving_lib->set_print_after_sale($this->request->getPost('recv_print_after_sale') != null);
+        return $this->response->setJSON(['success' => true]);
+    }
+
+    /**
+     * Sets the reference number for the receiving.  Used in app/Views/receivings/receiving.php
+     * @return ResponseInterface
+     * @noinspection PhpUnused
+     */
+    public function postSetReference(): ResponseInterface
+    {
+        $this->receiving_lib->set_reference($this->request->getPost('recv_reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+        return $this->response->setJSON(['success' => true]);
+    }
+
+    /**
+     * Add an item to the receiving. Used in app/Views/receivings/receiving.php
+     *
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function postAdd(): string
+    {
+        $data = [];
+
+        $mode = $this->receiving_lib->get_mode();
+        $item_id_or_number_or_item_kit_or_receipt = $this->request->getPost('item', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $this->token_lib->parse_barcode($quantity, $price, $item_id_or_number_or_item_kit_or_receipt);
+        $quantity = ($mode == 'receive' || $mode == 'requisition') ? $quantity : -$quantity;
+        $item_location = $this->receiving_lib->get_stock_source();
+        $discount = $this->config['default_receivings_discount'];
+        $discount_type = $this->config['default_receivings_discount_type'];
+
+        if ($mode == 'return' && $this->receiving->is_valid_receipt($item_id_or_number_or_item_kit_or_receipt)) {
+            $this->receiving_lib->return_entire_receiving($item_id_or_number_or_item_kit_or_receipt);
+        } elseif ($this->item_kit->is_valid_item_kit($item_id_or_number_or_item_kit_or_receipt)) {
+            $this->receiving_lib->add_item_kit($item_id_or_number_or_item_kit_or_receipt, $item_location, $discount, $discount_type);
+        } elseif (!$this->receiving_lib->add_item($item_id_or_number_or_item_kit_or_receipt, $quantity, $item_location, $discount,  $discount_type)) {
+            $data['error'] = lang('Receivings.unable_to_add_item');
+        }
+
+        return $this->_reload($data);    // TODO: Hungarian notation
+    }
+
+    /**
+     * Edit line item in current receiving. Used in app/Views/receivings/receiving.php
+     *
+     * @param string|int|null $item_id
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function postEditItem($item_id): string
+    {
+        $data = [];
+
+        $validation_rule = [
+            'price'    => 'trim|required|decimal_locale',
+            'quantity' => 'trim|required|decimal_locale',
+            'discount' => 'trim|permit_empty|decimal_locale',
+        ];
+
+        $price = parse_decimals($this->request->getPost('price'));
+        $quantity = parse_quantity($this->request->getPost('quantity'));
+        $raw_receiving_quantity = parse_quantity($this->request->getPost('receiving_quantity'));
+
+        $description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: Duplicated code
+        $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+        $discount_type = $this->request->getPost('discount_type', FILTER_SANITIZE_NUMBER_INT);
+        $discount = $discount_type
+            ? parse_quantity(filter_var($this->request->getPost('discount'), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION))
+            : parse_decimals(filter_var($this->request->getPost('discount'), FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION));
+
+        $receiving_quantity = filter_var($raw_receiving_quantity, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+
+        if ($this->validate($validation_rule)) {
+            $this->receiving_lib->edit_item($item_id, $description, $serialnumber, $quantity, $discount, $discount_type, $price, $receiving_quantity);
+        } else {
+            $data['error'] = lang('Receivings.error_editing_item');
+        }
+
+        return $this->_reload($data);    // TODO: Hungarian notation
+    }
+
+    /**
+     * Edit a receiving. Used in app/Controllers/Receivings.php
+     * @param $receiving_id
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getEdit($receiving_id): string
+    {
+        $data = [];
+
+        $data['suppliers'] = ['' => 'No Supplier'];
+        foreach ($this->supplier->get_all()->getResult() as $supplier) {
+            $data['suppliers'][$supplier->person_id] = $supplier->first_name . ' ' . $supplier->last_name;
+        }
+
+        $data['employees'] = [];
+        foreach ($this->employee->get_all()->getResult() as $employee) {
+            $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+        }
+
+        $receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
+        $data['selected_supplier_name'] = !empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : '';
+        $data['selected_supplier_id'] = $receiving_info['supplier_id'];
+        $data['receiving_info'] = $receiving_info;
+
+        return view('receivings/form', $data);
+    }
+
+    /**
+     * Deletes an item from the current receiving. Used in app/Views/receivings/receiving.php
+     *
+     * @param $item_number
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getDeleteItem($item_number): string
+    {
+        $this->receiving_lib->delete_item($item_number);
+
+        return $this->_reload();    // TODO: Hungarian notation
+    }
+
+    /**
+     * @throws ReflectionException
+     * @return ResponseInterface
+     */
+    public function postDelete(int $receiving_id = -1, bool $update_inventory = true): ResponseInterface
+    {
+        $employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $receiving_ids = $receiving_id == -1 ? $this->request->getPost('ids', FILTER_SANITIZE_NUMBER_INT) : [$receiving_id];    // TODO: Replace -1 with constant
+
+        if ($this->receiving->delete_list($receiving_ids, $employee_id, $update_inventory)) {    // TODO: Likely need to surround this block of code in a try-catch to catch the ReflectionException
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Receivings.successfully_deleted') . ' ' . count($receiving_ids) . ' ' . lang('Receivings.one_or_multiple'),
+                'ids'     => $receiving_ids
+            ]);
+        } else {
+            return $this->response->setJSON(['success' => false, 'message' => lang('Receivings.cannot_be_deleted')]);
+        }
+    }
+
+    /**
+     * Removes a supplier from a receiving. Used in app/Views/receivings/receiving.php
+     *
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getRemoveSupplier(): string
+    {
+        $this->receiving_lib->clear_reference();
+        $this->receiving_lib->remove_supplier();
+
+        return $this->_reload();    // TODO: Hungarian notation
+    }
+
+    /**
+     * Complete and finalize receiving.  Used in app/Views/receivings/receiving.php
+     *
+     * @return string
+     * @throws ReflectionException
+     * @noinspection PhpUnused
+     */
+    public function postComplete(): string
+    {
+
+        $data = [];
+
+        $data['cart'] = $this->receiving_lib->get_cart();
+        $data['total'] = $this->receiving_lib->get_total();
+        $data['transaction_time'] = to_datetime(time());
+        $data['mode'] = $this->receiving_lib->get_mode();
+        $data['comment'] = $this->receiving_lib->get_comment();
+        $data['reference'] = $this->receiving_lib->get_reference();
+        $data['payment_type'] = $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $data['show_stock_locations'] = $this->stock_location->show_locations('receivings');
+        $data['stock_location'] = $this->receiving_lib->get_stock_source();
+        if ($this->request->getPost('amount_tendered') != null) {
+            $data['amount_tendered'] = parse_decimals($this->request->getPost('amount_tendered'));
+            $data['amount_change'] = to_currency($data['amount_tendered'] - $data['total']);
+        }
+
+        $employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $employee_info = $this->employee->get_info($employee_id);
+        $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;
+
+        $supplier_id = $this->receiving_lib->get_supplier();
+        if ($supplier_id != -1) {
+            $supplier_info = $this->supplier->get_info($supplier_id);
+            $data['supplier'] = $supplier_info->company_name;    // TODO: duplicated code
+            $data['first_name'] = $supplier_info->first_name;
+            $data['last_name'] = $supplier_info->last_name;
+            $data['supplier_email'] = $supplier_info->email;
+            $data['supplier_address'] = $supplier_info->address_1;
+            if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
+                $data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
+            } else {
+                $data['supplier_location'] = '';
+            }
+        }
+
+        // SAVE receiving to database
+        $data['receiving_id'] = 'RECV ' . $this->receiving->save_value($data['cart'], $supplier_id, $employee_id, $data['comment'], $data['reference'], $data['payment_type'], $data['stock_location']);
+
+        if ($data['receiving_id'] == 'RECV -1') {
+            $data['error_message'] = lang('Receivings.transaction_failed');
+        } else {
+            $data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
+        }
+
+        $data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();
+
+        $view = view("receivings/receipt", $data);
+
+        $this->receiving_lib->clear_all();
+
+        return $view;
+    }
+
+    /**
+     * Complete a receiving requisition. Used in app/Views/receivings/receiving.php.
+     *
+     * @return string
+     * @throws ReflectionException
+     * @noinspection PhpUnused
+     */
+    public function postRequisitionComplete(): string
+    {
+        if ($this->receiving_lib->get_stock_source() != $this->receiving_lib->get_stock_destination()) {
+            foreach ($this->receiving_lib->get_cart() as $item) {
+                $this->receiving_lib->delete_item($item['line']);
+                $this->receiving_lib->add_item($item['item_id'], $item['quantity'], $this->receiving_lib->get_stock_destination(), $item['discount_type']);
+                $this->receiving_lib->add_item($item['item_id'], -$item['quantity'], $this->receiving_lib->get_stock_source(), $item['discount_type']);
+            }
+
+            return $this->postComplete();
+        } else {
+            $data['error'] = lang('Receivings.error_requisition');
+
+            return $this->_reload($data);    // TODO: Hungarian notation
+        }
+    }
+
+    /**
+     * Gets the receipt for a receiving. Used in app/Views/receivings/form.php
+     *
+     * @param $receiving_id
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function getReceipt($receiving_id): string
+    {
+        $receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
+        $this->receiving_lib->copy_entire_receiving($receiving_id);
+        $data['cart'] = $this->receiving_lib->get_cart();
+        $data['total'] = $this->receiving_lib->get_total();
+        $data['mode'] = $this->receiving_lib->get_mode();
+        $data['transaction_time'] = to_datetime(strtotime($receiving_info['receiving_time']));
+        $data['show_stock_locations'] = $this->stock_location->show_locations('receivings');
+        $data['payment_type'] = $receiving_info['payment_type'];
+        $data['reference'] = $this->receiving_lib->get_reference();
+        $data['receiving_id'] = 'RECV ' . $receiving_id;
+        $data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['receiving_id']);
+        $employee_info = $this->employee->get_info($receiving_info['employee_id']);
+        $data['employee'] = $employee_info->first_name . ' ' . $employee_info->last_name;
+
+        $supplier_id = $this->receiving_lib->get_supplier();    // TODO: Duplicated code
+        if ($supplier_id != -1) {
+            $supplier_info = $this->supplier->get_info($supplier_id);
+            $data['supplier'] = $supplier_info->company_name;
+            $data['first_name'] = $supplier_info->first_name;
+            $data['last_name'] = $supplier_info->last_name;
+            $data['supplier_email'] = $supplier_info->email;
+            $data['supplier_address'] = $supplier_info->address_1;
+            if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
+                $data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
+            } else {
+                $data['supplier_location'] = '';
+            }
+        }
+
+        $data['print_after_sale'] = false;
+
+        $view = view("receivings/receipt", $data);
+
+        $this->receiving_lib->clear_all();
+
+        return $view;
+    }
+
+    /**
+     * @param array $data
+     * @return string
+     */
+    private function _reload(array $data = []): string    // TODO: Hungarian notation
+    {
+        $data['cart'] = $this->receiving_lib->get_cart();
+        $data['modes'] = ['receive' => lang('Receivings.receiving'), 'return' => lang('Receivings.return')];
+        $data['mode'] = $this->receiving_lib->get_mode();
+        $data['stock_locations'] = $this->stock_location->get_allowed_locations('receivings');
+        $data['show_stock_locations'] = count($data['stock_locations']) > 1;
+        if ($data['show_stock_locations']) {
+            $data['modes']['requisition'] = lang('Receivings.requisition');
+            $data['stock_source'] = $this->receiving_lib->get_stock_source();
+            $data['stock_destination'] = $this->receiving_lib->get_stock_destination();
+        }
+
+        $data['total'] = $this->receiving_lib->get_total();
+        $data['items_module_allowed'] = $this->employee->has_grant('items', $this->employee->get_logged_in_employee_info()->person_id);
+        $data['comment'] = $this->receiving_lib->get_comment();
+        $data['reference'] = $this->receiving_lib->get_reference();
+        $data['payment_options'] = $this->receiving->get_payment_options();
+
+        $supplier_id = $this->receiving_lib->get_supplier();
+
+        if ($supplier_id != -1) {    // TODO: Duplicated Code... replace -1 with a constant
+            $supplier_info = $this->supplier->get_info($supplier_id);
+            $data['supplier'] = $supplier_info->company_name;
+            $data['first_name'] = $supplier_info->first_name;
+            $data['last_name'] = $supplier_info->last_name;
+            $data['supplier_email'] = $supplier_info->email;
+            $data['supplier_address'] = $supplier_info->address_1;
+            if (!empty($supplier_info->zip) or !empty($supplier_info->city)) {
+                $data['supplier_location'] = $supplier_info->zip . ' ' . $supplier_info->city;
+            } else {
+                $data['supplier_location'] = '';
+            }
+        }
+
+        $data['print_after_sale'] = $this->receiving_lib->is_print_after_sale();
+
+        return view("receivings/receiving", $data);
+    }
+
+    /**
+     * @return ResponseInterface
+     * @throws ReflectionException
+     */
+    public function postSave(int $receiving_id = -1): ResponseInterface    // TODO: Replace -1 with a constant
+    {
+        $newdate = $this->request->getPost('date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);    // TODO: newdate does not follow naming conventions
+
+        $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate);
+        $receiving_time = $date_formatter->format('Y-m-d H:i:s');
+
+        $receiving_data = [
+            'receiving_time' => $receiving_time,
+            'supplier_id'    => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : null,
+            'employee_id'    => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'comment'        => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
+            'reference'      => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null
+        ];
+
+        $this->inventory->update('RECV ' . $receiving_id, ['trans_date' => $receiving_time]);
+        if ($this->receiving->update($receiving_id, $receiving_data)) {
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => lang('Receivings.successfully_updated'),
+                'id'      => $receiving_id
+            ]);
+        } else {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Receivings.unsuccessfully_updated'),
+                'id'      => $receiving_id
+            ]);
+        }
+    }
+
+    /**
+     * Cancel an in-process receiving. Used in app/Views/receivings/receiving.php
+     *
+     * @return string
+     * @noinspection PhpUnused
+     */
+    public function postCancelReceiving(): string
+    {
+        $this->receiving_lib->clear_all();
+
+        return $this->_reload();    // TODO: Hungarian Notation
+    }
+}